General

  • Target

    d5433af80b6ed7a9ec9e5c9d1795cbfe5c7452f99f15690d5f2a3b5fefe79ae0

  • Size

    338KB

  • Sample

    240715-gbbcastcjd

  • MD5

    baf2a9c537ac2ab2453d6c4d495c4766

  • SHA1

    0c68d02008760e2f4d79926c605caea0fe411805

  • SHA256

    d5433af80b6ed7a9ec9e5c9d1795cbfe5c7452f99f15690d5f2a3b5fefe79ae0

  • SHA512

    14602a5b1e61de2bd36436ae2439bc79b1817f2c40c5ee0d1ec461b5724d17896209c8293b7e7c96aa482682b554f31e73c6b7bff4e4e1c0d494b75d7f2bc968

  • SSDEEP

    6144:+wDS//xpP+AegMMtRvu3LqBO/QWrYDiqSoV68BtQh45/AHF1iE2di8vEO:+jpP6gMESU+q3ZtQa5g1Ui8vEO

Malware Config

Extracted

Family

redline

Botnet

6951125327

C2

https://t.me/+7Lir0e4Gw381MDhi*https://steamcommunity.com/profiles/76561199038841443

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks