Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    656aa20b9690a0657a80ce1c4c842684708fae47a48a4b59ae5101b71dbb9082

  • Size

    338KB

  • Sample

    240715-hr7k4stepq

  • MD5

    0247647b5e279e3f2d7e2c678b5aba2a

  • SHA1

    5602ea55c79cc782ff3e8c5e67f8ec132ccb5b6e

  • SHA256

    656aa20b9690a0657a80ce1c4c842684708fae47a48a4b59ae5101b71dbb9082

  • SHA512

    73b28bfd069e7b4ea81c3707b66859d39fe4b2e8d98a168081f5e1a48705ef29b15a459415264888336b2cf2c7c2a8eb031c6f668c7d4c1885f1013aad7ad749

  • SSDEEP

    6144:kwrSv/JpP+AegMMtRvu3LqBOkQWrTxivRid/E4FDJM2di8UEO:kXpP6gMEBPxiv2ESJi8UEO

Malware Config

Extracted

Family

redline

Botnet

6951125327

C2

https://t.me/+7Lir0e4Gw381MDhi*https://steamcommunity.com/profiles/76561199038841443

Targets

    • Target

      656aa20b9690a0657a80ce1c4c842684708fae47a48a4b59ae5101b71dbb9082

    • Size

      338KB

    • MD5

      0247647b5e279e3f2d7e2c678b5aba2a

    • SHA1

      5602ea55c79cc782ff3e8c5e67f8ec132ccb5b6e

    • SHA256

      656aa20b9690a0657a80ce1c4c842684708fae47a48a4b59ae5101b71dbb9082

    • SHA512

      73b28bfd069e7b4ea81c3707b66859d39fe4b2e8d98a168081f5e1a48705ef29b15a459415264888336b2cf2c7c2a8eb031c6f668c7d4c1885f1013aad7ad749

    • SSDEEP

      6144:kwrSv/JpP+AegMMtRvu3LqBOkQWrTxivRid/E4FDJM2di8UEO:kXpP6gMEBPxiv2ESJi8UEO

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks