Resubmissions

18/10/2022, 04:32

221018-e51g6seeb8 10

18/10/2022, 04:06

221018-epj59aedd6 7

18/10/2022, 03:34

221018-d417mseefj 10

General

  • Target: be9d0c8a2051d70d4434e034647c8b675a38c1f08252c94c1620fbe663bd853b
  • Size: 521KB
  • Sample: 221018-d417mseefj
  • MD5: c0318aa61a314fed79c87be28f0db3ba
  • SHA1: 361e5206d2e0aeb88174c524e6c7cfb90c94670d
  • SHA256: be9d0c8a2051d70d4434e034647c8b675a38c1f08252c94c1620fbe663bd853b
  • SHA512: 619ad72faaa694d7dd141288c8f99738d3110fb2e08ea9a5feda3777d4d32456feca66a2e0da96a0610f475e358cb9bb99fc54a179fb98674f91cb205ff7a586
  • SSDEEP: 12288:bjNYGB77lC5eQoyLKWRIvwr222Zy+CQI1Cr2H:bjN99J2eOWF22ZaTe

Malware Config

Extracted

Family: redline

Botnet: BirjRo1

C2: 79.137.197.136:23532

Attributes
  • auth_value: 278e5c62cf6a9bb4e0ab732b17b0368e

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Sets DLL path for service in the registry

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Modifies WinLogon

MITRE ATT&CK Enterprise v6

Tasks