General

  • Target

    c66bafcd448b4369bc9aba54e8f6c39361fd96a4959f09a97a0e646f90a5a996

  • Size

    338KB

  • Sample

    240715-g27s7avemg

  • MD5

    b5b30c90c7a8e25971d6d105f71e4e2c

  • SHA1

    ee9edda1ecd9c0d62a1dc43f268b6424889f43c9

  • SHA256

    c66bafcd448b4369bc9aba54e8f6c39361fd96a4959f09a97a0e646f90a5a996

  • SHA512

    093784ce23a3a6dec3bee71b538fc6f72ab8cac2f37f2d8f1d6af7fc23b9b39af7325ad14a35e40069a3c126875fa1de92949f023d369f7782c8d28ec9e6b3c6

  • SSDEEP

    6144:kY1jkmalKcYdvkMEdRE29UHYOhQWr3cYHwyqWo9jktoANQnMxuch7uw2di8bEO:kcEKc+kMcIogwye1TCCi8bEO

Malware Config

Extracted

Family

redline

Botnet

6951125327

C2

https://t.me/+7Lir0e4Gw381MDhi*https://steamcommunity.com/profiles/76561199038841443

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15