General

  • Target

    e9ae1505911e958aa07b13f7fe6a0b2f11c6175aa46a0881dd916e8cc6678545

  • Size

    855KB

  • Sample

    230216-v4z31sag99

  • MD5

    fa7297d8c1348401fb8fa8b4ecb9ce11

  • SHA1

    3428cbbc3f71ba77f1b9b1a58fe6e0cd8314c791

  • SHA256

    e9ae1505911e958aa07b13f7fe6a0b2f11c6175aa46a0881dd916e8cc6678545

  • SHA512

    0b383516b2605a2529a4264502844aaa35b897c50852a3305b1ba156818420e96f5a115e38ba077af22a05fc60f396956e8d781ef02e908fefd800d1712ee5ce

  • SSDEEP

    24576:byb4H46zl9/liYqJpzRmZkOUOPVZK8SiF+Q:Ob4jlfp+zQxUGVZei

Malware Config

Extracted

Family

redline

Botnet

dubka

C2

193.233.20.13:4136

Attributes

  • auth_value

    e5a9421183a033f283b2f23139b471f0

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.