Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    3e54394d42cb8004e78994323058b17990e7bd4c8c4f94621ff9a8d93ab6bf64

  • Size

    338KB

  • Sample

    240715-erg4nszfkb

  • MD5

    d7a3938f82334528c1d6bce9542fda75

  • SHA1

    09d970e274be0866a6903cb187c81d28628d4f27

  • SHA256

    3e54394d42cb8004e78994323058b17990e7bd4c8c4f94621ff9a8d93ab6bf64

  • SHA512

    77c86ed4ee0a15a3d04e68404eb7f9637c2334248da8c726d72e3e253383cbc94d568d9e477d9b526061d8425a0989580f5c8f7c20096aabe73ad9061b116e95

  • SSDEEP

    6144:RwTSv/BpP+AegMMtRvu3LqBOkQWrR/Q5VGgvopL72di8MEO:RTpP6gMEh4GF0i8MEO

Malware Config

Extracted

Family

redline

Botnet

6951125327

C2

https://t.me/+7Lir0e4Gw381MDhi*https://steamcommunity.com/profiles/76561199038841443

Targets

    • Target

      3e54394d42cb8004e78994323058b17990e7bd4c8c4f94621ff9a8d93ab6bf64

    • Size

      338KB

    • MD5

      d7a3938f82334528c1d6bce9542fda75

    • SHA1

      09d970e274be0866a6903cb187c81d28628d4f27

    • SHA256

      3e54394d42cb8004e78994323058b17990e7bd4c8c4f94621ff9a8d93ab6bf64

    • SHA512

      77c86ed4ee0a15a3d04e68404eb7f9637c2334248da8c726d72e3e253383cbc94d568d9e477d9b526061d8425a0989580f5c8f7c20096aabe73ad9061b116e95

    • SSDEEP

      6144:RwTSv/BpP+AegMMtRvu3LqBOkQWrR/Q5VGgvopL72di8MEO:RTpP6gMEh4GF0i8MEO

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks