General

  • Target

    931a5aa34ba97db986011738eed333690c9230a5d1387792fd2ed2adbe42eea7

  • Size

    539KB

  • Sample

    230210-rd3vfacc3v

  • MD5

    1d2f18e3c7412d43f683b9568952cd53

  • SHA1

    12a59b9133cb59126f7d71d9ae38d7996110a3f8

  • SHA256

    931a5aa34ba97db986011738eed333690c9230a5d1387792fd2ed2adbe42eea7

  • SHA512

    fa233e99fec594281638e66c2665cba144867c4ee2f7dfd1b6497c434f151c94ef8d525a9e2807ba16e64c3ead2dfb8ad599e1adf376f5251329386d062c6449

  • SSDEEP

    12288:lMrAy904d+HTg5U31JoMJbcWS8OXMF7uERa3hJy:dyvUic1JoMvSVXEVAA

Malware Config

Extracted

  • Family

    redline

  • Botnet

    fuka

  • C2

    193.233.20.11:4131

  • Attributes

    auth_value: 90eef520554ef188793d77ecc34217bf

Extracted

  • Family

    redline

  • Botnet

    nocrypt

  • C2

    176.113.115.17:4132

  • Attributes

    auth_value: 4fc7cda1ab5883a6197f20f517ce2a8c

Targets

    • Target

      931a5aa34ba97db986011738eed333690c9230a5d1387792fd2ed2adbe42eea7

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, autofill entries and session tokens.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
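
The extracted configs and the signature list above give a detection engineer two kinds of indicator: the C2 host:port pairs, and host behaviours (dropped EXE executed, Run key persistence, Defender real-time protection tampering). The following is an added example, not part of the tria.ge report or any Hatching tooling: a small correlation routine that scores hosts from a Sysmon-style event stream. The event layout is a simplified version of Sysmon's fields (EventID 1 process create, 3 network connect, 11 file create, 13 registry value set), the hostnames, paths and log lines are constructed for illustration, and the registry paths being matched are the well-known Run/RunOnce and Windows Defender Real-Time Protection keys. Only the two C2 endpoints come from this page.

```python
"""Correlate RedLine-style behaviours over a constructed Sysmon-like event stream.

Added example for this report; not tria.ge code. Event schema is a simplified
stand-in for Sysmon, and all sample events are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Iterable

# C2 endpoints from the two extracted configs on this page.
REDLINE_C2 = {("193.233.20.11", 4131), ("176.113.115.17", 4132)}

# Lower-cased substrings matched against Sysmon EventID 13 TargetObject paths.
RUN_KEYS = (
    "\\software\\microsoft\\windows\\currentversion\\run\\",
    "\\software\\microsoft\\windows\\currentversion\\runonce\\",
)
DEFENDER_RTP_KEY = "\\windows defender\\real-time protection\\"


@dataclass
class Event:
    event_id: int        # 1 process create, 3 network connect, 11 file create, 13 registry set
    host: str
    image: str           # acting process image path
    target: str = ""     # registry path, destination IP or created file, by event_id
    dest_port: int = 0   # only meaningful for event_id 3


@dataclass
class _HostState:
    findings: list[str] = field(default_factory=list)
    dropped: set[str] = field(default_factory=set)  # lower-cased paths of created .exe files


def correlate(events: Iterable[Event]) -> dict[str, list[str]]:
    """Return per-host findings, each prefixed with a category token."""
    state: dict[str, _HostState] = {}
    for ev in events:
        hs = state.setdefault(ev.host, _HostState())
        tgt = ev.target.lower()
        if ev.event_id == 3 and (ev.target, ev.dest_port) in REDLINE_C2:
            hs.findings.append(f"c2_connect {ev.target}:{ev.dest_port} from {ev.image}")
        elif ev.event_id == 13 and any(k in tgt for k in RUN_KEYS):
            hs.findings.append(f"run_key_persistence {ev.target}")
        elif ev.event_id == 13 and DEFENDER_RTP_KEY in tgt:
            hs.findings.append(f"defender_rtp_modified {ev.target}")
        elif ev.event_id == 11 and tgt.endswith(".exe"):
            hs.dropped.add(tgt)                      # remember drop; flag only when executed
        elif ev.event_id == 1 and ev.image.lower() in hs.dropped:
            hs.findings.append(f"dropped_exe_executed {ev.image}")
    return {h: hs.findings for h, hs in state.items() if hs.findings}


def categories(findings: list[str]) -> list[str]:
    return sorted({f.split()[0] for f in findings})


def triage(events: Iterable[Event], min_categories: int = 2) -> dict[str, list[str]]:
    """Hosts showing at least min_categories distinct behaviours; a lone Run key write
    is common legitimate activity, so a single category is not enough on its own."""
    return {h: categories(f) for h, f in correlate(events).items()
            if len(categories(f)) >= min_categories}


# Constructed events: ws-01 mimics the report's behaviour chain, ws-02 is benign noise.
SAMPLE_EVENTS = [
    Event(11, "ws-01", r"C:\Users\bob\AppData\Local\Temp\loader.exe",
          r"C:\Users\bob\AppData\Local\Temp\payload.exe"),
    Event(1, "ws-01", r"C:\Users\bob\AppData\Local\Temp\payload.exe"),
    Event(13, "ws-01", r"C:\Users\bob\AppData\Local\Temp\payload.exe",
          r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    Event(13, "ws-01", r"C:\Users\bob\AppData\Local\Temp\payload.exe",
          r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring"),
    Event(3, "ws-01", r"C:\Users\bob\AppData\Local\Temp\payload.exe", "193.233.20.11", 4131),
    Event(3, "ws-02", r"C:\Program Files\Mozilla Firefox\firefox.exe", "142.250.74.46", 443),
    Event(13, "ws-02", r"C:\Windows\System32\svchost.exe",
          r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth"),
]

if __name__ == "__main__":
    for host, cats in triage(SAMPLE_EVENTS).items():
        print(host, cats)
```

Registry reads (the Uninstall-key enumeration in the last signature) are deliberately absent: Sysmon records registry create, delete, set and rename, not reads, so that behaviour has to come from a sandbox or an API-level hook rather than from this kind of event stream.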

MITRE ATT&CK Enterprise v6

Tasks