General

  • Target

    92682078977a588ba4cc3dfe7ce9d744bf752a635ab73c027cdbae68ff8e749f_dump.exe

  • Size

    109KB

  • Sample

    240715-a87y7szhkj

  • MD5

    2da5e6b97759d3537cbd23e9fdb2b770

  • SHA1

    cabbf38051fa6657e28a12dee92042e44d8b72cb

  • SHA256

    4103411f7bb66a033f9f5ce35839ba08b2a27d169e188a911185790f3b78bbf5

  • SHA512

    7ea710ed16326bd0841f403c9db260a20dfec5f22fe2fd85970d51764e612c4a495a7c9abec6999dc8e1a7134656a4d65994c8f4cc138bb353b43a7be9b1698b

  • SSDEEP

    1536:jr7WmLwJll8imS4qZyNRMCuCDGSLf0Rc/cVjpnrRWKkystINby+xXm8lMwGHG6w:jmdyGSLfIFtnrRKysYyMWvpm6w

Malware Config

Extracted

Family

redline

Botnet

6951125327

C2

https://t.me/+7Lir0e4Gw381MDhi*https://steamcommunity.com/profiles/76561199038841443

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
