General

  • Target: 07ac9839215f5b51863c9412ee708cbde6cc02d3b5b393b7f61445c0f883ba15
  • Size: 338KB
  • Sample: 240715-h5qjravbpr
  • MD5: 5914fb41f41c500fce9174da68acd4a1
  • SHA1: 7280991fd11a70b77d2e46114e6b27aa05fe1559
  • SHA256: 07ac9839215f5b51863c9412ee708cbde6cc02d3b5b393b7f61445c0f883ba15
  • SHA512: d9ae8ed66318761370d9f4c23853cec2ffc3c632848192226bdab69f7e6399317494908b823cf31b5c2818990e25aaae9f1e7e6cb4858134c5efa36e057840a6
  • SSDEEP: 6144:pwDSC/xpP+AegMMtRvu3LqBO/QWrqipKTl1ArpwxX7V2di8vEO:pMpP6gMESGcUArSQi8vEO

Malware Config

Extracted

Family

redline

Botnet

6951125327

C2

https://t.me/+7Lir0e4Gw381MDhi*https://steamcommunity.com/profiles/76561199038841443

Targets

    • Target: 07ac9839215f5b51863c9412ee708cbde6cc02d3b5b393b7f61445c0f883ba15
    • Size: 338KB
    • MD5: 5914fb41f41c500fce9174da68acd4a1
    • SHA1: 7280991fd11a70b77d2e46114e6b27aa05fe1559
    • SHA256: 07ac9839215f5b51863c9412ee708cbde6cc02d3b5b393b7f61445c0f883ba15
    • SHA512: d9ae8ed66318761370d9f4c23853cec2ffc3c632848192226bdab69f7e6399317494908b823cf31b5c2818990e25aaae9f1e7e6cb4858134c5efa36e057840a6
    • SSDEEP: 6144:pwDSC/xpP+AegMMtRvu3LqBO/QWrqipKTl1ArpwxX7V2di8vEO:pMpP6gMESGcUArSQi8vEO

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar profile contents.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks