General

  • Target

    bd97f747f9e8e41aa59c8434e5e2b24caa35f1bf61bf368db113546689951546

  • Size

    338KB

  • Sample

    240715-e5dy6sxhpl

  • MD5

    ce600a1d2538baedb55117c3869b1892

  • SHA1

    e886f8eb0c29f1849c773c1ff289dbfcdfb31251

  • SHA256

    bd97f747f9e8e41aa59c8434e5e2b24caa35f1bf61bf368db113546689951546

  • SHA512

    aed9c50d2ca682b1f57454fad3f0f733775eb01664d031899289511584e30a404bb044b121a683b610e630b41dbda8ef6edeacf731bb93b40fc571aa8b8e39d0

  • SSDEEP

    6144:PY1j9malKcYdvkMEdRE29UHYOhQWrOXkS95EOIUPTAipa7Z2di8bEO:PxEKc+kMcIMtI4TAipa0i8bEO

Malware Config

Extracted

  • Family

    redline

  • Botnet

    6951125327

  • C2

    https://t.me/+7Lir0e4Gw381MDhi

    https://steamcommunity.com/profiles/76561199038841443

Targets

    • Target

      bd97f747f9e8e41aa59c8434e5e2b24caa35f1bf61bf368db113546689951546

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
