General

  • Target: 76850b016568141ad2cd2ca53d618eb7c7e74382980456f4f9b04c1119e2d0a4
  • Size: 338KB
  • Sample: 240715-dahhfaxckg
  • MD5: 4d161acac8072598453d0ecb9efc814e
  • SHA1: f1e70782efcf9820b2aea92f1160d16a26763fc2
  • SHA256: 76850b016568141ad2cd2ca53d618eb7c7e74382980456f4f9b04c1119e2d0a4
  • SHA512: 1ba53bacae043159d60fef286b27f44a6ddf6cfcc10f0a9b42f2cb0c2b05148c4d732677fbeec46acfbfc63f5489b6aa78cfff75f9cbc2e20d77e144b0e85b79
  • SSDEEP: 6144:rwDSD/xpP+AegMMtRvu3LqBO/QWr9MgZPF3rA3CNpzeQl8W8zT2di8vEO:r3pP6gMEShMgZPF383CK0TXi8vEO

Malware Config

Extracted

  • Family: redline
  • Botnet: 6951125327
  • C2: https://t.me/+7Lir0e4Gw381MDhi*https://steamcommunity.com/profiles/76561199038841443

Targets

    • Target: 76850b016568141ad2cd2ca53d618eb7c7e74382980456f4f9b04c1119e2d0a4
    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15