General

  • Target

    ed9b8ef1b181533f5aeee18bc86039cd4f80840bbac9b15eab46bbb5f205abcc

  • Size

    556KB

  • Sample

    230217-bxnxmadb62

  • MD5

    5aee9e6fb9180410587816989714f8cd

  • SHA1

    d651ee613657f05684240f3d46d7300e405c622a

  • SHA256

    ed9b8ef1b181533f5aeee18bc86039cd4f80840bbac9b15eab46bbb5f205abcc

  • SHA512

    a80ddcd82b2b2a04d059054f539726ff18d6307c138b0c546a860e7c5956c778bfdd20f82709f61235542cd1bf8138ac6837c20ba61f9b20f08bcc6826f228ad

  • SSDEEP

    12288:aMrZy903bm+R0st974iU0Quzzqi4WohFIE4tBRXUuN:LyYi2ft9VUozzoWozIEKBRpN

Malware Config

Extracted

  • Family

    redline

  • Botnet

    dubka

  • C2

    193.233.20.13:4136

  • Attributes

    auth_value: e5a9421183a033f283b2f23139b471f0

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks