General

  • Target

    1708-2-0x0000000002390000-0x00000000023E2000-memory.dmp

  • Size

    328KB

  • Sample

    240807-qqta4ayhnj

  • MD5

    dad5c13122ce1fda26bcda0338033442

  • SHA1

    968ca9a9a9fa0979f8d8402fe7df8191f5eb8ec4

  • SHA256

    e286e5c8a8753f47f375464387ac948e7cc4377553e765fcc6eecdcac0f2f02c

  • SHA512

    8239371a9064c5d7f53147ee05863b8344e6d2316a20d36c9db9097a6bc836874cedf14dc0feeb9e9559c3a43dbd36d22a986e8f6a02126e9a36518f66dbde62

  • SSDEEP

    3072:Jq6EgY6ixrUjhYMLwPc0Gi3ZSXxTAvtASKutcZqf7D349eqiOLibBOb:YqY6ikwPCiShTAFAQtcZqf7DIHL

Malware Config

Extracted

Family

redline

Botnet

@mass1vexdd

C2

185.196.9.26:6302

Targets

    • Target

      1708-2-0x0000000002390000-0x00000000023E2000-memory.dmp

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks