General

  • Target

    70555a1345e99d1ea7c0507161448169ee38f7f48e87e114befea449a616b0bb

  • Size

    763KB

  • Sample

    230213-wfe9daec8y

  • MD5

    a9873ea604e50ef59160e4f8978bab2d

  • SHA1

    b2793e87c38ab70390a05b9f4b1389b6ff894ffa

  • SHA256

    70555a1345e99d1ea7c0507161448169ee38f7f48e87e114befea449a616b0bb

  • SHA512

    5cae394c8e6cf50b18371a8202e0f9e8559e1342e03b9bf59ef6096cf7559e767f25c515ee768625be1d39f28c4543582221ff603629f98debd4c9fea921364c

  • SSDEEP

    12288:1Mr5y90RiRxcvOVkbifdDGF9hF4pAo/lVlHbFkmUScmIHzVclCNv2op/hb:wy1P4oG3hCPdxD++lQvdr

Malware Config

Extracted

  • Family

    redline

  • Botnet

    cr2

  • C2

    176.113.115.17:4132

  • Attributes

    • auth_value

      4bf573d6f5ab16f3b5e36da6855dc128

Extracted

  • Family

    redline

  • Botnet

    dunm

  • C2

    193.233.20.12:4132

  • Attributes

    • auth_value

      352959e3707029296ec94306d74e2334

Targets

    • Target

      70555a1345e99d1ea7c0507161448169ee38f7f48e87e114befea449a616b0bb

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext
