General

  • Target

    8c67f7a31914a4a43fe3ddfa65b330362c428027f2d43212600b69cd0f5b59ee

  • Size

    338KB

  • Sample

    240715-dnh15axgrc

  • MD5

    f3c5193858d37c821760faac17e5f75e

  • SHA1

    91d73859b2fedbda6ae0f5a4b4f3de0f54d6671a

  • SHA256

    8c67f7a31914a4a43fe3ddfa65b330362c428027f2d43212600b69cd0f5b59ee

  • SHA512

    42ef18abd180b9c62fc7690fb97b5e33725d01f8330fe209825b78ea5d58ae9aea80d171c6b9fc8134fb103b4fa109fc5f3e4ec24e56a35ec815c81dbb67c564

  • SSDEEP

    6144:ZwTSy/BpP+AegMMtRvu3LqBOkQWrfQlMTCfxZs1KjqQiF0Kdp22di8MEO:Z8pP6gMEhzYz8wjABphi8MEO

Malware Config

Extracted

Family

redline

Botnet

6951125327

C2

https://t.me/+7Lir0e4Gw381MDhi

https://steamcommunity.com/profiles/76561199038841443

Targets

    • Target

      8c67f7a31914a4a43fe3ddfa65b330362c428027f2d43212600b69cd0f5b59ee

    • Size

      338KB

    • MD5

      f3c5193858d37c821760faac17e5f75e

    • SHA1

      91d73859b2fedbda6ae0f5a4b4f3de0f54d6671a

    • SHA256

      8c67f7a31914a4a43fe3ddfa65b330362c428027f2d43212600b69cd0f5b59ee

    • SHA512

      42ef18abd180b9c62fc7690fb97b5e33725d01f8330fe209825b78ea5d58ae9aea80d171c6b9fc8134fb103b4fa109fc5f3e4ec24e56a35ec815c81dbb67c564

    • SSDEEP

      6144:ZwTSy/BpP+AegMMtRvu3LqBOkQWrfQlMTCfxZs1KjqQiF0Kdp22di8MEO:Z8pP6gMEhzYz8wjABphi8MEO

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks