General

  • Target

    d156ac7ece496c21dbe51bb92afd948b55e752e2ae2f3afb3021f7a611c19e79

  • Size

    1.1MB

  • Sample

    230301-yab1wahh43

  • MD5

    cccc4d453aac3939a9ae0cb43125ec62

  • SHA1

    263a8a63c14cf9bf7c9f25a4b77474aafc450598

  • SHA256

    d156ac7ece496c21dbe51bb92afd948b55e752e2ae2f3afb3021f7a611c19e79

  • SHA512

    2cc05ecf7e7516427501b57e858b5a5119254eb56db38b86da7e1a9654c23205cd9dbae92e8c2eec043c59f7e68affa4307eb05f7dc99dae1b1c708c0988b148

  • SSDEEP

    24576:jy4f+GC+xYopFW2AjqbrTn1jaHIatp15QEvbUeGXotq:2g6QWoLRkQR4t

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rouch

  • C2

    193.56.146.11:4162

  • Attributes

    auth_value: 1b1735bcfc122c708eae27ca352568de

Extracted

  • Family

    redline

  • Botnet

    durov

  • C2

    193.56.146.11:4162

  • Attributes

    auth_value: 337984645d237df105d30aab7013119f
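
Both extracted configs point at the same C2 endpoint and differ only in botnet id and auth_value, so the network indicator to hunt for is one ip:port pair. The script below is an added example, not tria.ge code: it takes the two configs as shown above, collapses them into distinct C2 endpoints, and runs that list over a few constructed Zeek conn.log records (JSON output, standard `id.resp_h`/`id.resp_p` field names). Records reaching the exact endpoint are reported as `c2`; records reaching the same host on another port are reported separately, because stealer operators often move the listening port while keeping the server.

```python
"""Hunt for the extracted RedLine C2 in Zeek conn.log output (added example, not tria.ge code)."""
import ipaddress
import json

# The two configs extracted above: the C2 is shared, botnet id and auth_value differ.
EXTRACTED_CONFIGS = [
    {"family": "redline", "botnet": "rouch", "c2": "193.56.146.11:4162",
     "auth_value": "1b1735bcfc122c708eae27ca352568de"},
    {"family": "redline", "botnet": "durov", "c2": "193.56.146.11:4162",
     "auth_value": "337984645d237df105d30aab7013119f"},
]


def c2_endpoints(configs):
    """Map each distinct (ip, port) C2 endpoint to the set of botnet ids that use it."""
    endpoints = {}
    for cfg in configs:
        host, _, port = cfg["c2"].rpartition(":")
        ip = str(ipaddress.ip_address(host))  # raises ValueError if the C2 were a hostname
        endpoints.setdefault((ip, int(port)), set()).add(cfg["botnet"])
    return endpoints


# Constructed Zeek conn.log records in JSON form (not from this sandbox run).
SAMPLE_CONN_LOG = """\
{"ts":1677686400.1,"id.orig_h":"10.0.0.21","id.resp_h":"193.56.146.11","id.resp_p":4162,"proto":"tcp","service":"-"}
{"ts":1677686401.5,"id.orig_h":"10.0.0.21","id.resp_h":"142.250.74.46","id.resp_p":443,"proto":"tcp","service":"ssl"}
{"ts":1677686402.0,"id.orig_h":"10.0.0.37","id.resp_h":"193.56.146.11","id.resp_p":80,"proto":"tcp","service":"http"}
"""


def hunt_conn_log(log_text, configs):
    """Return one hit per record that reaches a C2 endpoint (match 'c2') or the C2 host
    on some other port (match 'c2_host'), which is worth a look when operators rotate ports."""
    endpoints = c2_endpoints(configs)
    c2_hosts = {ip for ip, _ in endpoints}
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        key = (rec["id.resp_h"], int(rec["id.resp_p"]))
        if key in endpoints:
            hits.append({"src": rec["id.orig_h"], "dst": "%s:%d" % key,
                         "match": "c2", "botnets": sorted(endpoints[key])})
        elif key[0] in c2_hosts:
            hits.append({"src": rec["id.orig_h"], "dst": "%s:%d" % key,
                         "match": "c2_host", "botnets": []})
    return hits


if __name__ == "__main__":
    for hit in hunt_conn_log(SAMPLE_CONN_LOG, EXTRACTED_CONFIGS):
        print(hit)
```

On the constructed log the first record is an exact C2 hit attributed to both botnet ids, and the third is the same host on port 80, reported as `c2_host` for an analyst to confirm rather than auto-blocked.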

Targets

    • Target

      d156ac7ece496c21dbe51bb92afd948b55e752e2ae2f3afb3021f7a611c19e79

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
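
Several of the behaviours above (a dropped executable being run, Defender real-time protection values being written, a Run key being added) leave Sysmon telemetry on a real endpoint, so they can be turned into a host-side check. The script below is an added example, not tria.ge code: it runs a small correlation over constructed Sysmon events (EID 11 FileCreate, EID 1 ProcessCreate, EID 13 RegistryValueSet, using Sysmon's real field names and its `HKLM\...` / `HKU\<SID>\...` path notation). The signature labels it emits are hypothetical. Registry reads such as the Uninstall-key enumeration produce no Sysmon event and are deliberately not covered.

```python
"""Flag the host-side behaviours listed above in Sysmon events (added example, not tria.ge code)."""

# Registry keys whose values the sample touched, in Sysmon's TargetObject notation.
DEFENDER_RTP_KEYS = (
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
    r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection",
)
RUN_KEY = r"\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed Sysmon events (EID 11 FileCreate, EID 1 ProcessCreate, EID 13 RegistryValueSet),
# reduced to the fields this triage needs. Not from this sandbox run.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\victim\Desktop\sample.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Local\Temp\svc.exe"},
    {"EventID": 1, "Image": r"C:\Users\victim\AppData\Local\Temp\svc.exe",
     "ParentImage": r"C:\Users\victim\Desktop\sample.exe"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\svc.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\svc.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "Details": r"C:\Users\victim\AppData\Local\Temp\svc.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]


def triage(events):
    """Return (signature, detail) pairs, in event order, for the behaviours visible in
    Sysmon telemetry: a file written during the run and later executed, a value written
    under Defender's Real-Time Protection keys, and a value added under a Run key.
    Registry reads (the Uninstall-key enumeration) produce no Sysmon event and are not covered."""
    created = set()  # paths written during the run, lower-cased for case-insensitive matching
    findings = []
    for ev in events:
        eid = ev["EventID"]
        if eid == 11:
            created.add(ev["TargetFilename"].lower())
        elif eid == 1 and ev["Image"].lower() in created:
            findings.append(("executes_dropped_exe", ev["Image"]))
        elif eid == 13:
            obj = ev["TargetObject"]
            low = obj.lower()
            if any(low.startswith(k.lower() + "\\") for k in DEFENDER_RTP_KEYS):
                findings.append(("defender_rtp_modified", obj + " = " + ev["Details"]))
            elif (RUN_KEY.lower() + "\\") in low:
                findings.append(("run_key_persistence", obj + " = " + ev["Details"]))
    return findings


if __name__ == "__main__":
    for sig, detail in triage(SAMPLE_EVENTS):
        print(sig, detail)
```

The dropped-file check needs the FileCreate event to precede the ProcessCreate event, which is the order Sysmon emits them; an execution with no recorded file write is not reported, so the benign notepad.exe start and the Explorer setting under the same hive are left alone.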
