General

  • Target: 44d25c17fa7a0e7d454572f2a22c001b3f6945d9ca60a2aa1e8e97ff89d1dc33
  • Size: 482KB
  • Sample: 230214-aftwwahc95
  • MD5: 7234e64e819275fa8fffa05ecc8e1cab
  • SHA1: da52fa5010e2f2839ea176b7de473935eb11bfef
  • SHA256: 44d25c17fa7a0e7d454572f2a22c001b3f6945d9ca60a2aa1e8e97ff89d1dc33
  • SHA512: a24756700ffb6f7a03cff8d9da6ee74d6cd081e3762b01c902d387eccca21705892e6ee37b6b294e917b7a74db861bd229d8107eb2d91274cde0677f2b38fab8
  • SSDEEP: 12288:OMryy90rGz0mVccNuZv8SH1HXY5Djjz6egF3+Ue:wycaVXEGMHXY5DXPc3+9

Malware Config

Extracted

  • Family: redline
  • Botnet: fusa
  • C2: 193.233.20.12:4132
  • Attributes
    • auth_value: a08b2f01bd2af756e38c5dd60e87e697

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
