General

  • Target

    920c83427ee1c2fbca5ba133cd0a81e0N.exe

  • Size

    312KB

  • Sample

    240814-kqpp1sshpa

  • MD5

    920c83427ee1c2fbca5ba133cd0a81e0

  • SHA1

    a80c9af32fde695b69d796480aa745a5980ff21b

  • SHA256

    4ece875dbe10d89c3d1607e04761ed621a00eaa2a42ec6296f9074355abf2264

  • SHA512

    b3b1346884c35bbbd1a05328cca13bdc1611ee202c51d279518c7107faa6ffb67396c4615b77d68cb7a769fd6ca16496cef87c5e3b167416f015e37df07c8548

  • SSDEEP

    6144:GMfvtBFDroOhihDABtLQZu+Uu4+t9ku4jHDdwhnpTa7bL2S/cNVHJS0B0iiARo:GwBFDzMhFs/+yjHR89az2fNVHJP+it

Malware Config

Extracted

Family

redline

Botnet

@exelzt

C2

185.215.113.22:80

Targets

    • Target

      920c83427ee1c2fbca5ba133cd0a81e0N.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser's credential store.

    • Reads user/profile data of web browsers

      Infostealers target the data browsers keep in the user profile, which can include saved credentials, cookies and autofill form data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up entries under the Uninstall registry key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate the software installed on the system.

    • Suspicious use of SetThreadContext

      SetThreadContext on the suspended thread of another process is the step in process hollowing that redirects execution to injected code; stealers commonly use it to run the unpacked payload inside a legitimate host process.

MITRE ATT&CK Enterprise v15

Tasks