General

  • Target

    a0d7bc2ccf07af7960c580fd43928b5fb02b901f9962eafb10f607e395759306.exe

  • Size

    304KB

  • Sample

    240727-b6hf7sygjr

  • MD5

    4e0235942a9cde99ee2ee0ee1a736e4f

  • SHA1

    d084d94df2502e68ee0443b335dd621cd45e2790

  • SHA256

    a0d7bc2ccf07af7960c580fd43928b5fb02b901f9962eafb10f607e395759306

  • SHA512

    cfc4b7d58f662ee0789349b38c1dec0c4e6dc1d2e660f5d92f8566d49c4850b2bf1d70e43edf84db7b21cb8e316e8bcc3e20b797e32d9668c69a029b15804e3f

  • SSDEEP

    3072:aq6EgY6igrUjsgMmwPPoDqeRFSCotTAbtAYKtJcZqf7D341eqiOLibBOU:ZqY6iXwPwuaFjGTARANJcZqf7DIfL

Malware Config

Extracted

Family

redline

Botnet

Logs

C2

185.215.113.9:9137

Targets

    • Target

      a0d7bc2ccf07af7960c580fd43928b5fb02b901f9962eafb10f607e395759306.exe

    • Size

      304KB

    • MD5

      4e0235942a9cde99ee2ee0ee1a736e4f

    • SHA1

      d084d94df2502e68ee0443b335dd621cd45e2790

    • SHA256

      a0d7bc2ccf07af7960c580fd43928b5fb02b901f9962eafb10f607e395759306

    • SHA512

      cfc4b7d58f662ee0789349b38c1dec0c4e6dc1d2e660f5d92f8566d49c4850b2bf1d70e43edf84db7b21cb8e316e8bcc3e20b797e32d9668c69a029b15804e3f

    • SSDEEP

      3072:aq6EgY6igrUjsgMmwPPoDqeRFSCotTAbtAYKtJcZqf7D341eqiOLibBOU:ZqY6iXwPwuaFjGTARANJcZqf7DIfL

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks