Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    940d522ebe4f0ea7b476a6fd96c19c4ef8737681252c3bb125b2fa70e61777e3

  • Size

    338KB

  • Sample

    240715-d2ln6sydrc

  • MD5

    f42ce22348a4025f60aaf8862de664bc

  • SHA1

    603955fbac1d88200fa3309565f15d7197a199a1

  • SHA256

    940d522ebe4f0ea7b476a6fd96c19c4ef8737681252c3bb125b2fa70e61777e3

  • SHA512

    43ed750cf04bb5061e70624ca547fdead79378d62f8d94889d8c3e0c02d6a2ee9f8ded086e6ede37cfa71b8c027fc4d10b561043b4c9a965f200ecd2bacdd5b3

  • SSDEEP

    6144:NwrSC/JpP+AegMMtRvu3LqBOkQWrXwXwvQ0VXqcE97w+NCdSO2di8UEO:N4pP6gMEBsgvQ0Vow+NCdii8UEO

Malware Config

Extracted

Family

redline

Botnet

6951125327

C2

https://t.me/+7Lir0e4Gw381MDhi*https://steamcommunity.com/profiles/76561199038841443

Targets

    • Target

      940d522ebe4f0ea7b476a6fd96c19c4ef8737681252c3bb125b2fa70e61777e3

    • Size

      338KB

    • MD5

      f42ce22348a4025f60aaf8862de664bc

    • SHA1

      603955fbac1d88200fa3309565f15d7197a199a1

    • SHA256

      940d522ebe4f0ea7b476a6fd96c19c4ef8737681252c3bb125b2fa70e61777e3

    • SHA512

      43ed750cf04bb5061e70624ca547fdead79378d62f8d94889d8c3e0c02d6a2ee9f8ded086e6ede37cfa71b8c027fc4d10b561043b4c9a965f200ecd2bacdd5b3

    • SSDEEP

      6144:NwrSC/JpP+AegMMtRvu3LqBOkQWrXwXwvQ0VXqcE97w+NCdSO2di8UEO:N4pP6gMEBsgvQ0Vow+NCdii8UEO

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks