Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    f03a33ebb76633ed02bd77525a9448b7cabceb79303664a4d7eb06309d8d5542

  • Size

    338KB

  • Sample

    240715-btn38a1hjr

  • MD5

    e2590fa9d62c9f74fa866f0af17dfe36

  • SHA1

    e0ba5eb2f80d1a2d9a338ab6092fc0b5d8747d88

  • SHA256

    f03a33ebb76633ed02bd77525a9448b7cabceb79303664a4d7eb06309d8d5542

  • SHA512

    8cf071606ddb316d0e4df637f08b57d5e57e723dee7a3e33b0d50d0e4d44cb015d209ebad0733d35756130490374ef946dfb7e21dd00f1f9937b2e7bfb1563f3

  • SSDEEP

    6144:6wrSc/JpP+AegMMtRvu3LqBOkQWrH0wBKgu4gM4zxnoHfn2di8UEO:62pP6gMEBwwb0N8fCi8UEO

Malware Config

Extracted

Family

redline

Botnet

6951125327

C2

https://t.me/+7Lir0e4Gw381MDhi*https://steamcommunity.com/profiles/76561199038841443

Targets

    • Target

      f03a33ebb76633ed02bd77525a9448b7cabceb79303664a4d7eb06309d8d5542

    • Size

      338KB

    • MD5

      e2590fa9d62c9f74fa866f0af17dfe36

    • SHA1

      e0ba5eb2f80d1a2d9a338ab6092fc0b5d8747d88

    • SHA256

      f03a33ebb76633ed02bd77525a9448b7cabceb79303664a4d7eb06309d8d5542

    • SHA512

      8cf071606ddb316d0e4df637f08b57d5e57e723dee7a3e33b0d50d0e4d44cb015d209ebad0733d35756130490374ef946dfb7e21dd00f1f9937b2e7bfb1563f3

    • SSDEEP

      6144:6wrSc/JpP+AegMMtRvu3LqBOkQWrH0wBKgu4gM4zxnoHfn2di8UEO:62pP6gMEBwwb0N8fCi8UEO

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks