General

  • Target

    67520bf7ae01d65369c48247a46c9d6741bda91526868dd50127bf85e45e3292

  • Size

    338KB

  • Sample

    240715-hem1yawbmb

  • MD5

    9b8b042e64dd47ab8a8232f6cffcd3c2

  • SHA1

    c695243ed6934a606304bb0146b40f41461647e3

  • SHA256

    67520bf7ae01d65369c48247a46c9d6741bda91526868dd50127bf85e45e3292

  • SHA512

    bbf6fb7ab3d9ef8db7b136aa0334c9921ed65ff38207e4ee627a651012acb13bf72d2f22cdf03bd225534a1e5fc485ff7c7b52224ca56aadf571cfc5b767cff6

  • SSDEEP

    6144:bwDSN/xpP+AegMMtRvu3LqBO/QWr+KGnhDiND0FmPX45f9ncUcNXAo8u2di8vEO:bFpP6gMESCdhOuFmP4VVcUcNXAo8Ji8F

Malware Config

Extracted

Family

redline

Botnet

6951125327

C2

https://t.me/+7Lir0e4Gw381MDhi*https://steamcommunity.com/profiles/76561199038841443

Targets

    • Target

      67520bf7ae01d65369c48247a46c9d6741bda91526868dd50127bf85e45e3292

    • Size

      338KB

    • MD5

      9b8b042e64dd47ab8a8232f6cffcd3c2

    • SHA1

      c695243ed6934a606304bb0146b40f41461647e3

    • SHA256

      67520bf7ae01d65369c48247a46c9d6741bda91526868dd50127bf85e45e3292

    • SHA512

      bbf6fb7ab3d9ef8db7b136aa0334c9921ed65ff38207e4ee627a651012acb13bf72d2f22cdf03bd225534a1e5fc485ff7c7b52224ca56aadf571cfc5b767cff6

    • SSDEEP

      6144:bwDSN/xpP+AegMMtRvu3LqBO/QWr+KGnhDiND0FmPX45f9ncUcNXAo8u2di8vEO:bFpP6gMESCdhOuFmP4VVcUcNXAo8Ji8F

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks