
General

  • Target

    f0e4ed05d8181ee17d6494f55c4c403c394157578ba2e0d4224629a2124b42dd

  • Size

    338KB

  • Sample

    240715-ed1c4awgqq

  • MD5

    dad5fb64fa9e67a32691cc8a94ef721c

  • SHA1

    76a8f787cdc8808abeaed5208d62974baf82412f

  • SHA256

    f0e4ed05d8181ee17d6494f55c4c403c394157578ba2e0d4224629a2124b42dd

  • SHA512

    197b03a5e5637c8f856bd0b86fcab10347ee20df99e206badf964f0c9d158da9a65ebbc5a4b76e573a875529851fd190fdb48d1bd78547930f89de0fc49112b1

  • SSDEEP

    6144:hwLSe/ppP+AegMMtRvu3LqBO/QWr8NvEDtABttsdhdEt2di8nEO:h4pP6gMEyoN0DdhdNi8nEO

Malware Config

Extracted

Family

redline

Botnet

6951125327

C2

https://t.me/+7Lir0e4Gw381MDhi
https://steamcommunity.com/profiles/76561199038841443

(The raw extracted value is the two URLs joined by a "*" delimiter. Both are public pages on legitimate services, a Telegram invite link and a Steam profile, used as dead-drop resolvers: the operator publishes the live C2 address on those pages and the stealer fetches it at runtime. The hosts t.me and steamcommunity.com are therefore not the C2 themselves; match on the full URL, not the hostname, when hunting for this sample.)
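An added example, not code from the tria.ge report or from the RedLine authors: it parses the extracted config above into structured IOCs, splitting the C2 field on the "*" delimiter, classifying each URL as a dead-drop resolver (Telegram or Steam) or a direct C2, and then checks constructed proxy-log lines against the full resolver URLs rather than the hostnames. The "*" delimiter, the resolver-host list and the proxy-log format are assumptions made for this example; the config values are copied from the report.

```python
"""Structured IOCs from the extracted RedLine config, plus a log check.

Added example; not the report's or the malware's own code. Assumptions:
the C2 field joins URLs with '*', t.me and steamcommunity.com are the only
dead-drop resolver hosts of interest, and proxy log lines look like
"<timestamp> <client-ip> <method> <url> <status>".
"""
import re
from urllib.parse import urlsplit

# Values copied from the "Malware Config" section of the report.
EXTRACTED_CONFIG = {
    "family": "redline",
    "botnet": "6951125327",
    "c2": "https://t.me/+7Lir0e4Gw381MDhi"
          "*https://steamcommunity.com/profiles/76561199038841443",
}

# Public services used as dead-drop resolvers (assumption for this example).
RESOLVER_HOSTS = {"t.me", "steamcommunity.com"}


def parse_c2_field(raw: str) -> list[dict]:
    """Split the '*'-delimited C2 string into one record per URL."""
    records = []
    for url in filter(None, (u.strip() for u in raw.split("*"))):
        parts = urlsplit(url)
        host = parts.hostname or ""
        record = {
            "url": url,
            "host": host,
            "path": parts.path,
            "kind": "dead_drop_resolver" if host in RESOLVER_HOSTS else "c2",
        }
        # Keep the identifier that distinguishes this actor's page from any
        # other use of the same public service.
        if host == "steamcommunity.com":
            m = re.fullmatch(r"/profiles/(\d{17})", parts.path)
            record["steam_id64"] = m.group(1) if m else None
        elif host == "t.me":
            record["telegram_invite"] = parts.path.lstrip("/")
        records.append(record)
    return records


# Constructed proxy log: two hits from one client, two benign look-alikes.
SAMPLE_PROXY_LOG = """\
2024-07-15T14:01:02Z 10.0.0.15 GET https://steamcommunity.com/profiles/76561199038841443 200
2024-07-15T14:01:03Z 10.0.0.15 GET https://t.me/+7Lir0e4Gw381MDhi 200
2024-07-15T14:02:10Z 10.0.0.22 GET https://steamcommunity.com/profiles/76561198000000001 200
2024-07-15T14:03:00Z 10.0.0.31 GET https://t.me/s/some_public_channel 200
"""


def find_resolver_hits(log_text: str, records: list[dict]) -> list[dict]:
    """Return log entries whose full URL equals one of the config URLs.

    Matching on the hostname alone would flag every Steam and Telegram user;
    the path (profile ID / invite code) is what ties a request to this config.
    """
    wanted = {r["url"].rstrip("/"): r for r in records}
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line; skip rather than crash the sweep
        ts, client, _method, url, _status = fields[:5]
        rec = wanted.get(url.rstrip("/"))
        if rec is not None:
            hits.append({
                "ts": ts,
                "client": client,
                "url": url,
                "kind": rec["kind"],
                "family": EXTRACTED_CONFIG["family"],
                "botnet": EXTRACTED_CONFIG["botnet"],
            })
    return hits


if __name__ == "__main__":
    iocs = parse_c2_field(EXTRACTED_CONFIG["c2"])
    for ioc in iocs:
        print(ioc)
    for hit in find_resolver_hits(SAMPLE_PROXY_LOG, iocs):
        print("HIT", hit)
```

Full-URL matching only works where the proxy sees the request path, i.e. with TLS inspection or with endpoint telemetry such as browser or process-level URL logs; a plain CONNECT log only records steamcommunity.com:443 and cannot distinguish this profile from any other. Note also that the resolver pages are not the final C2: once the stealer reads them, its next connection goes to whatever address the operator posted there, which changes over time.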

Targets

    • Target

      f0e4ed05d8181ee17d6494f55c4c403c394157578ba2e0d4224629a2124b42dd

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers target the data browsers keep in their user profile directories: saved credentials, cookies, autofill entries and browsing history.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates the subkeys of the registry Uninstall key (SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall under HKLM, including the WOW6432Node view, and under HKCU) to list the software installed on the system.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state, including the instruction pointer, of a thread in another process. Outside debuggers it is mostly seen in process hollowing and related injection, where a suspended process's main thread is redirected to attacker-written code.

MITRE ATT&CK Enterprise v15

Tasks