General

  • Target

    72f7c75df4e4ab26e7acd3444ba41da2e36ca7bafdae541a95695bbc6d1b406f

  • Size

    338KB

  • Sample

    240715-flam3s1hkc

  • MD5

    b99d398d7f4a96a9e94375d05be7b7b0

  • SHA1

    01325d679e46a6a63a75081490b22c6cd90a419c

  • SHA256

    72f7c75df4e4ab26e7acd3444ba41da2e36ca7bafdae541a95695bbc6d1b406f

  • SHA512

    dc000c1775ec2192a7e7c03d784490af5e19ec874fbe0f5b48b4152f4229494e13d821169519cf761072f311245ba05a803e8ebdf88e2c999616568d7ba4a51a

  • SSDEEP

    6144:CwbSZ/5pP+AegMMtRvu3LqBO/QWrBvwzz2VBFHZzdwLpa2di83EO:CFpP6gMEylIzMFHZ5wVti83EO

Malware Config

Extracted

Family

redline

Botnet

6951125327

C2

https://t.me/+7Lir0e4Gw381MDhi*https://steamcommunity.com/profiles/76561199038841443

The extracted value is two URLs joined by "*": a Telegram invite link and a Steam community profile. Pages like these serve as dead-drop resolvers, where the operator publishes the current C2 address for the stealer to read, so the real C2 host is not present in this config and can be rotated without the sample changing. Block and hunt on both URLs, but expect the live C2 to be somewhere else.
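The following is an added example, not tria.ge code, showing how a practitioner would turn the extracted config above into classified, defanged indicators. EXTRACTED_CONFIG copies the Family, Botnet and C2 values from this report; DIRECT_C2_EXAMPLE is a constructed value illustrating the plain ip:port shape that other RedLine configs use; treating t.me and steamcommunity.com URLs as dead-drop resolvers is the analyst's interpretation, not a field the report provides.

```python
"""Normalise a RedLine extracted config into defanged, classified IOCs.

Added example, not tria.ge code. EXTRACTED_CONFIG is copied from the report
above; DIRECT_C2_EXAMPLE is constructed. Classifying t.me/steamcommunity.com
URLs as dead-drop resolvers is an analyst assumption, not report data.
"""
from __future__ import annotations

from dataclasses import dataclass
from urllib.parse import urlsplit

EXTRACTED_CONFIG = {
    "family": "redline",
    "botnet": "6951125327",
    "c2": "https://t.me/+7Lir0e4Gw381MDhi*https://steamcommunity.com/profiles/76561199038841443",
}
DIRECT_C2_EXAMPLE = "203.0.113.10:4444"   # constructed (TEST-NET-3), not from the report

# Hosts whose public pages are abused to hold the real C2 address (assumption).
DEAD_DROP_HOSTS = {"t.me": "telegram", "steamcommunity.com": "steam"}


@dataclass
class Indicator:
    raw: str          # value exactly as extracted
    kind: str         # "dead_drop:telegram", "dead_drop:steam" or "c2"
    host: str
    port: int | None
    defanged: str     # safe to paste into tickets and chat


def defang(value: str) -> str:
    """Break the scheme and every dot so the IOC is neither clickable nor auto-linked."""
    return (value.replace("https://", "hxxps://")
                 .replace("http://", "hxxp://")
                 .replace(".", "[.]"))


def split_c2_field(c2: str) -> list[str]:
    """RedLine configs join several endpoints with '*'; drop empty fragments."""
    return [p.strip() for p in c2.split("*") if p.strip()]


def classify(value: str) -> Indicator:
    # urlsplit() only recognises a netloc after '//', so scheme-less
    # host:port values are prefixed before parsing.
    parts = urlsplit(value if "://" in value else "//" + value)
    host = (parts.hostname or "").lower()
    kind = f"dead_drop:{DEAD_DROP_HOSTS[host]}" if host in DEAD_DROP_HOSTS else "c2"
    return Indicator(raw=value, kind=kind, host=host, port=parts.port, defanged=defang(value))


def normalize_config(cfg: dict) -> dict:
    return {
        "family": cfg["family"],
        "botnet": cfg["botnet"],
        "indicators": [classify(v) for v in split_c2_field(cfg["c2"])],
    }


def dead_drop_hosts_seen(cfg: dict) -> set[str]:
    """Hosts worth a proxy/firewall log query even though they are not the C2 itself."""
    return {i.host for i in normalize_config(cfg)["indicators"] if i.kind.startswith("dead_drop:")}


if __name__ == "__main__":
    for ind in normalize_config(EXTRACTED_CONFIG)["indicators"]:
        print(f"{ind.kind:<20} {ind.defanged}")
    print(classify(DIRECT_C2_EXAMPLE))
```

Run the file as a script to print the two dead-drop indicators from this report followed by the constructed direct-C2 case; the split on "*" is what separates the two URLs that the report shows as one line.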

Targets

    • Target

      72f7c75df4e4ab26e7acd3444ba41da2e36ca7bafdae541a95695bbc6d1b406f

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020 and sold on underground forums as malware-as-a-service, so individual samples differ mainly in their botnet ID and C2 configuration.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers target stored browser data: saved logins, cookies and session tokens, autofill entries and saved payment cards, typically read directly from the browser profile directory (for example Chromium's Login Data and Cookies databases) and decrypted with the victim's DPAPI key.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates installed software by reading the subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and the Wow6432Node and HKCU equivalents), the same data Programs and Features displays; stealers report this to profile the victim and identify security products.

    • Suspicious use of SetThreadContext

      Setting the register context of a thread in another process is the classic final step of process hollowing and related injection: spawn a host process suspended, write the payload into it, point its main thread at the injected code, then resume it. Same-process use is common in legitimate software (debuggers, runtimes, exception handling), so the cross-process case is what matters.
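The following is an added example, not tria.ge's detection logic, showing the rule a practitioner would write for the SetThreadContext behaviour listed above. TRACE is a constructed API trace in an invented (pid, api, args) shape, not sandbox output; it contains one textbook hollowing chain (suspended child, memory written, SetThreadContext, ResumeThread) and one benign same-process caller that must not fire.

```python
"""Flag the process-hollowing chain behind 'Suspicious use of SetThreadContext'.

Added example, not tria.ge code. TRACE is constructed and its field names are
invented; the rule encodes the textbook sequence and ignores same-process use.
"""
CREATE_SUSPENDED = 0x00000004          # CreateProcess dwCreationFlags bit
PAGE_EXECUTE_READWRITE = 0x40

# Constructed trace: PID 1001 hollows child 2002; PID 3003 is a benign
# same-process caller (debuggers, runtimes and exception handling do this).
TRACE = [
    (1001, "CreateProcessW", {"image": "C:\\host.exe", "flags": CREATE_SUSPENDED, "new_pid": 2002}),
    (1001, "NtUnmapViewOfSection", {"target_pid": 2002}),
    (1001, "VirtualAllocEx", {"target_pid": 2002, "protect": PAGE_EXECUTE_READWRITE}),
    (1001, "WriteProcessMemory", {"target_pid": 2002, "size": 0x3A000}),
    (1001, "SetThreadContext", {"target_pid": 2002}),
    (1001, "ResumeThread", {"target_pid": 2002}),
    (3003, "GetThreadContext", {"target_pid": 3003}),
    (3003, "SetThreadContext", {"target_pid": 3003}),
]

# At least one of these must precede SetThreadContext for the chain to count.
MEMORY_WRITE_APIS = {"WriteProcessMemory", "NtWriteVirtualMemory"}


def find_hollowing(trace):
    """Return [(injector_pid, target_pid, apis_seen)] for each suspicious chain.

    A chain is: the caller spawns a child with CREATE_SUSPENDED, writes into the
    child's memory, then calls SetThreadContext on it (the step that redirects
    the main thread to the injected code). Calls where pid == target are skipped
    so legitimate self-use is never flagged.
    """
    suspended = {}   # (injector, child) -> APIs observed so far
    hits = []
    for pid, api, args in trace:
        if api == "CreateProcessW" and args.get("flags", 0) & CREATE_SUSPENDED:
            suspended[(pid, args["new_pid"])] = ["CreateProcessW(CREATE_SUSPENDED)"]
            continue
        target = args.get("target_pid")
        if target is None or target == pid:
            continue
        chain = suspended.get((pid, target))
        if chain is None:
            continue
        chain.append(api)
        if api == "SetThreadContext" and MEMORY_WRITE_APIS.intersection(chain):
            hits.append((pid, target, list(chain)))
    return hits


def unexplained_set_thread_context(trace):
    """Cross-process SetThreadContext calls not accounted for by a hollowing chain.

    Weaker evidence than find_hollowing(), but still worth a second look.
    """
    flagged = {(p, t) for p, t, _ in find_hollowing(trace)}
    return [(pid, a["target_pid"]) for pid, api, a in trace
            if api == "SetThreadContext" and a.get("target_pid") not in (None, pid)
            and (pid, a["target_pid"]) not in flagged]


if __name__ == "__main__":
    for injector, target, apis in find_hollowing(TRACE):
        print(f"pid {injector} hollowed pid {target}: {' -> '.join(apis)}")
```

The rule keys on the sequence rather than on SetThreadContext alone; a sandbox signature that fires on the bare API call will also hit debuggers and managed runtimes, which is why the report labels the behaviour "suspicious" rather than malicious.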

MITRE ATT&CK Enterprise v15

Tasks