General

  • Target: 9152f7f728a81d719eeb8791a097b3a91cdfaaf57bce8d5c8506192eeb55a3c0
  • Size: 338KB
  • Sample: 240715-bfnwastcnf
  • MD5: 6d4ce017ef63e4b925ba95ae05e473c7
  • SHA1: 98dbc3f01381fcc0ba1a1b52cd88c8fba61e02ce
  • SHA256: 9152f7f728a81d719eeb8791a097b3a91cdfaaf57bce8d5c8506192eeb55a3c0
  • SHA512: 9bccf5a4db39e21bdb04abb632fa5ee87cd8384c6ada32a6c05b6ca8f543cbcbba03c9db9a280dc27d3a5530eb122eb0d65983ce3fa1f1c18af3c2265d6371f9
  • SSDEEP: 6144:pwDS//xpP+AegMMtRvu3LqBO/QWraUfnQN2kVvmQ7251XL32di8vEO:pjpP6gMESOUvgc62Pbyi8vEO

Malware Config

Extracted

Family

redline

Botnet

6951125327

C2

https://t.me/+7Lir0e4Gw381MDhi*https://steamcommunity.com/profiles/76561199038841443

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext
