General

  • Target: b4bebb39dab2032d46fdd730cad1d6a144e4423d77545dccf4e2a2d15bee8335
  • Size: 771KB
  • Sample: 230213-ttavpsdh2t
  • MD5: b0722d2332adef5469aa3d86082900ef
  • SHA1: 3e151bdaa742b724fbb4613aaafe50e3d4722a68
  • SHA256: b4bebb39dab2032d46fdd730cad1d6a144e4423d77545dccf4e2a2d15bee8335
  • SHA512: 42c80b9cbc557746af62de106fa48947c6768ac1ca582f857e841139be3512f5cc3c3849b2df92b274a6ccb4d9874ac025d00e55a57047837038d65362e3aeb0
  • SSDEEP: 12288:rMr1y90KftCqg2A9yQZ4ZTumbaYjdsn6pGepZJ5q+2Lhe3v9X+pSDTSt:my7tCqgt4QZWh32njAw+21au2St

Malware Config

Extracted

  • Family: redline
  • Botnet: cr2
  • C2: 176.113.115.17:4132
  • Attributes
    • auth_value: 4bf573d6f5ab16f3b5e36da6855dc128

Extracted

  • Family: redline
  • Botnet: dunm
  • C2: 193.233.20.12:4132
  • Attributes
    • auth_value: 352959e3707029296ec94306d74e2334

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6