General

  • Target

    Installer.exe

  • Size

    1.4MB

  • Sample

    240819-zemhvavbma

  • MD5

    7eaaaa8fcc415db545f4cde72ad083c0

  • SHA1

    9d294d1f61147dfe82cb30d8b6aa4c978ed3a609

  • SHA256

    a105ae6db94ceb063d8e0019207bd08642d3d434a8217e3fe833b020bd6e6170

  • SHA512

    cfff393947a65ba9f043bfbbddbeb4d2c4e8289a561f65f25c0294f7aa36367782b163ad9b19fe407beb2bfd9aec019b5cdb9293228552fc7a2a857316b774d5

  • SSDEEP

    24576:byeIaZhac1XXDN0rKOWN8O3b0/3GhiIAzPU:b6StnDN0rKOWN8O3b0/3GhiIAzP

Malware Config

Extracted

  • Family

    redline

  • C2

    185.196.9.26:6302

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks