
General

  • Target: 42446d3f1f28d14d2494a98807c9c2137823f8426e2a5d0d88bc878eeb411c54
  • Size: 758KB
  • Sample: 230213-f279aaba97
  • MD5: b4c8b97b7a9590541c364f63db9fcda4
  • SHA1: 00e6d2dc2aa2aa04a1c88801c06821708cb03723
  • SHA256: 42446d3f1f28d14d2494a98807c9c2137823f8426e2a5d0d88bc878eeb411c54
  • SHA512: b914a298b9e529cf776c34655ba9d2fbed19ee58ae6a2dd03a3b85049ce19adc097f05ce77290523f5a2309d3bb8a6222e00cf1f55b4236f68cb0fbe98b0e495
  • SSDEEP: 12288:/Mrgy90DT2QynJoTvJrY2ZSChFBsVKsKKI6F5r+t3H9c+R39srPREMHiqbb8VimB:7y9nJo9Yq5BsV7rG3HF59CdHheiQ

Malware Config

Extracted
  • Family: redline
  • Botnet: cr2
  • C2: 176.113.115.17:4132
  • Attributes
    • auth_value: 4bf573d6f5ab16f3b5e36da6855dc128

Extracted
  • Family: redline
  • Botnet: dunm
  • C2: 193.233.20.12:4132
  • Attributes
    • auth_value: 352959e3707029296ec94306d74e2334

Targets

    • Modifies Windows Defender Real-time Protection settings
    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Executes dropped EXE
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
    • Windows security modification
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Adds Run key to start application
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Suspicious use of SetThreadContext
