General

  • Target

    002776c37d85fcca57dfea495f529bceb725f280e2fefdaad8cf98601f9ab8a2

  • Size

    1.3MB

  • Sample

    230301-wj28bahd63

  • MD5

    62cab663d218c152d00ef98f1b4a4cf7

  • SHA1

    435a083ebfed6445e8ee1d487fad1a1ffdd3c9a1

  • SHA256

    002776c37d85fcca57dfea495f529bceb725f280e2fefdaad8cf98601f9ab8a2

  • SHA512

    963f73b7bdca3ac9edad11554e19a0bd89eefcea9ebc6c794506c2efa7443dc07249279639bd979cabdc5d06ac58fbd204e33095d2c16c87a2c1d78e0114f88f

  • SSDEEP

    24576:4yvwJJmioZPBAU7mUyv9pDk6Bz3TpSy3oc0aMm7shAXzeHMrbV761:/wJ4MWmUyFpDkez3Tp935Mm7s+jeHMHp

Malware Config

Extracted

Family

redline

Botnet

rouch

C2

193.56.146.11:4162

Attributes

  • auth_value

    1b1735bcfc122c708eae27ca352568de

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks