General

  • Target

    3d460cf6086d48d0c1ce42ae4d08dbf32993bce1c0c4e6684b113e30ae8e34b4

  • Size

    338KB

  • Sample

    240715-gnvlpsthkf

  • MD5

    aa4d6148e2daf9bf88f81e895a22d806

  • SHA1

    055721fc6ee9d3d05a64075376a06de92a1a3648

  • SHA256

    3d460cf6086d48d0c1ce42ae4d08dbf32993bce1c0c4e6684b113e30ae8e34b4

  • SHA512

    f36c6ce0b089281cf5cd07ff473707f351db7b6948fb6a81649fe6274e045a7a730de7d23046d76b6072f20b230af9d8d05907c6e6e6c640f9e0740088c3c25f

  • SSDEEP

    6144:xwrSV/JpP+AegMMtRvu3LqBOkQWrRxBaFC0i3ggvE5UB0g+TI902di8UEO:xRpP6gMEBFxQC0i3Z85Vg+M9zi8UEO

Malware Config

Extracted

Family

redline

Botnet

6951125327

C2

https://t.me/+7Lir0e4Gw381MDhi*https://steamcommunity.com/profiles/76561199038841443

Targets

    • Target

      3d460cf6086d48d0c1ce42ae4d08dbf32993bce1c0c4e6684b113e30ae8e34b4

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks