Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    3de1df3bb5e39deb551870ed8d095badd4be64d6255d410db259ee7c874ff2eb

  • Size

    338KB

  • Sample

    240715-a3nndazepr

  • MD5

    7533bf456c88e3e5afaf4bf605a17464

  • SHA1

    3300ac9a6adfe566b2e67ce1e233ccaec5e869c9

  • SHA256

    3de1df3bb5e39deb551870ed8d095badd4be64d6255d410db259ee7c874ff2eb

  • SHA512

    74fb0f0da71a452a97aabdae43eb0ed822562e6ea9a1aa90e4281041fb64d30882980294d489f100263bcfc9cb91b4498662f2b965b4ce8403e5f961e5bc46e4

  • SSDEEP

    6144:/Y1jumalKcYdvkMEdRE29UHYOhQWrsJwhOuo8X2Ll02di8bEO:/aEKc+kMcILo8Xkzi8bEO

Malware Config

Extracted

Family

redline

Botnet

6951125327

C2

https://t.me/+7Lir0e4Gw381MDhi*https://steamcommunity.com/profiles/76561199038841443

Targets

    • Target

      3de1df3bb5e39deb551870ed8d095badd4be64d6255d410db259ee7c874ff2eb

    • Size

      338KB

    • MD5

      7533bf456c88e3e5afaf4bf605a17464

    • SHA1

      3300ac9a6adfe566b2e67ce1e233ccaec5e869c9

    • SHA256

      3de1df3bb5e39deb551870ed8d095badd4be64d6255d410db259ee7c874ff2eb

    • SHA512

      74fb0f0da71a452a97aabdae43eb0ed822562e6ea9a1aa90e4281041fb64d30882980294d489f100263bcfc9cb91b4498662f2b965b4ce8403e5f961e5bc46e4

    • SSDEEP

      6144:/Y1jumalKcYdvkMEdRE29UHYOhQWrsJwhOuo8X2Ll02di8bEO:/aEKc+kMcILo8Xkzi8bEO

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks