General

  • Target

    68eb20a955db5d05d2dcb18d943497b7e051edbe4a16499cd806f9efc2e151eb

  • Size

    1.2MB

  • Sample

    230302-el3s7aba6x

  • MD5

    6d4ac001333c3f71154c85c3d4576123

  • SHA1

    7b88e2d3e41de5ae1bdd5c8666e829278dc2797e

  • SHA256

    68eb20a955db5d05d2dcb18d943497b7e051edbe4a16499cd806f9efc2e151eb

  • SHA512

    37396a96f69916d242e969d060226371c32bf66825b75f682f15dbb1e385b519edefdb758358a36e5c7718d964b083e618abfea56982b989400c5d659db5a8ff

  • SSDEEP

    24576:NylV2778Qr5afM7D0iNHUkSuzbVbqoWkkDxin6gP:olwf8Qr5d7D0ydjzbQo3Ixi6g

Malware Config

Extracted

Family

redline

Botnet

rouch

C2

193.56.146.11:4162

Attributes
  • auth_value

    1b1735bcfc122c708eae27ca352568de

Extracted

Family

redline

Botnet

durov

C2

193.56.146.11:4162

Attributes
  • auth_value

    337984645d237df105d30aab7013119f
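The two extracted configs share one C2 endpoint and differ only in botnet name and auth_value, which is exactly the shape an analyst has to collapse into indicators. The script below, added here as an example and not code from tria.ge or from the sample, parses those config values (copied from the blocks above), dedupes the C2 into one ip:port indicator that keeps both builds attached, emits a Suricata rule for it, and matches the indicator against connection records. The Zeek conn.log rows and the sid range starting at 9000001 are constructed assumptions for the demo.

```python
"""Turn the extracted RedLine configs into network indicators and match them
against connection logs.

Added example, not code from tria.ge or from the RedLine sample. The config
values are copied from the Malware Config section of this report; the Zeek
conn.log rows are constructed and the Suricata sid range is an assumption.
"""
import ipaddress
from dataclasses import dataclass

# Copied from the two "Extracted" blocks above: same C2, two botnet builds.
EXTRACTED_CONFIGS = [
    {"family": "redline", "botnet": "rouch", "c2": ["193.56.146.11:4162"],
     "attributes": {"auth_value": "1b1735bcfc122c708eae27ca352568de"}},
    {"family": "redline", "botnet": "durov", "c2": ["193.56.146.11:4162"],
     "attributes": {"auth_value": "337984645d237df105d30aab7013119f"}},
]


@dataclass(frozen=True)
class C2Endpoint:
    ip: str
    port: int


def parse_c2(entry):
    """Parse an 'ip:port' string. Rejects hostnames and bad ports so a garbled
    extraction cannot silently become a wrong indicator (IPv4 only here)."""
    host, sep, port = entry.rpartition(":")
    if not sep:
        raise ValueError(f"no port in C2 entry {entry!r}")
    ip = ipaddress.ip_address(host)            # raises on hostnames
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError(f"bad port in C2 entry {entry!r}")
    return C2Endpoint(str(ip), port_num)


def collect_iocs(configs):
    """Dedupe C2 endpoints across configs, keeping (botnet, auth_value) per
    endpoint so a hit can be attributed to the build that beaconed."""
    endpoints = {}
    for cfg in configs:
        for raw in cfg["c2"]:
            ep = parse_c2(raw)
            endpoints.setdefault(ep, []).append(
                (cfg["botnet"], cfg["attributes"]["auth_value"]))
    return endpoints


def suricata_rules(endpoints, base_sid=9000001):
    """One outbound TCP rule per unique ip:port; botnet names go in the msg."""
    rules = []
    ordered = sorted(endpoints.items(), key=lambda kv: (kv[0].ip, kv[0].port))
    for i, (ep, builds) in enumerate(ordered):
        botnets = ",".join(sorted({b for b, _ in builds}))
        rules.append(
            f"alert tcp $HOME_NET any -> {ep.ip} {ep.port} "
            f'(msg:"RedLine C2 ({botnets})"; flow:to_server; '
            f"classtype:trojan-activity; sid:{base_sid + i}; rev:1;)")
    return rules


# Constructed Zeek conn.log rows (tab-separated, header comments stripped):
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
CONN_LOG = """\
1677760001.1\tCabc1\t10.0.0.5\t51234\t193.56.146.11\t4162\ttcp
1677760002.2\tCabc2\t10.0.0.5\t51235\t93.184.216.34\t443\ttcp
1677760003.3\tCabc3\t10.0.0.7\t51236\t193.56.146.11\t80\ttcp
1677760004.4\tCabc4\t10.0.0.9\t51237\t193.56.146.11\t4162\ttcp
"""


def match_conn_log(log_text, endpoints):
    """Return the rows whose responder ip:port is a known C2 over TCP."""
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        _ts, uid, orig_h, _orig_p, resp_h, resp_p, proto = line.split("\t")
        if proto == "tcp" and C2Endpoint(resp_h, int(resp_p)) in endpoints:
            hits.append({"uid": uid, "src": orig_h, "dst": f"{resp_h}:{resp_p}"})
    return hits


if __name__ == "__main__":
    iocs = collect_iocs(EXTRACTED_CONFIGS)
    for rule in suricata_rules(iocs):
        print(rule)
    for hit in match_conn_log(CONN_LOG, iocs):
        print("C2 contact:", hit)
```

The match is on ip and port together, so the constructed row to 193.56.146.11 on port 80 is deliberately not flagged: the report only attests to port 4162. When hunting retroactively it is still worth a second, IP-only sweep, since the same host may serve other builds on other ports; that is a looser query the analyst chooses to run, not something this config proves.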

Targets

    • Target

      68eb20a955db5d05d2dcb18d943497b7e051edbe4a16499cd806f9efc2e151eb

    • Size

      1.2MB

    • MD5

      6d4ac001333c3f71154c85c3d4576123

    • SHA1

      7b88e2d3e41de5ae1bdd5c8666e829278dc2797e

    • SHA256

      68eb20a955db5d05d2dcb18d943497b7e051edbe4a16499cd806f9efc2e151eb

    • SHA512

      37396a96f69916d242e969d060226371c32bf66825b75f682f15dbb1e385b519edefdb758358a36e5c7718d964b083e618abfea56982b989400c5d659db5a8ff

    • SSDEEP

      24576:NylV2778Qr5afM7D0iNHUkSuzbVbqoWkkDxin6gP:olwf8Qr5d7D0ydjzbQo3Ixi6g

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
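Two of the signatures above are registry writes that endpoint telemetry can catch directly: the Run key for persistence and the Windows Defender real-time protection change for defence evasion. The detection below is an added example, not code from tria.ge or from the sample. The report names the behaviours but not the exact keys the sample wrote, so the paths matched are the standard locations for each behaviour, and the Sysmon Event ID 13 (RegistryEvent: value set) records are constructed, including two benign records to show what must not alert.

```python
"""Flag Run-key persistence and Windows Defender real-time protection
tampering in Sysmon Event ID 13 (registry value set) records.

Added example, not code from tria.ge or from the sample. Key paths are the
standard locations for these behaviours (the report does not name the exact
keys); the event records are constructed for the demo.
"""
import re

# Constructed Sysmon Event ID 13 records, with the field names Sysmon emits.
EVENTS = [
    # Dropped EXE registering itself under the user's Run key.
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\updater.exe"},
    # Same process disabling real-time monitoring via the policy key.
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    # Benign: an admin turning real-time protection back on (value 0).
    {"EventID": 13, "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
    # Benign: an installer writing its own Uninstall entry.
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{GUID}\DisplayName",
     "Details": "Example App"},
]

# Value written directly under ...\CurrentVersion\Run or RunOnce (any hive).
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
# Any Disable* value under the Defender Real-Time Protection key (policy or product hive).
DEFENDER_RTP = re.compile(r"\\Windows Defender\\Real-Time Protection\\Disable\w+$", re.I)
# Sysmon renders DWORD data as "DWORD (0x00000001)"; only a non-zero write disables.
DWORD_ONE = re.compile(r"^DWORD \(0x0*1\)$", re.I)
# Locations a non-admin user can write to; autostarts pointing there rank higher.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Public|Downloads)\\", re.I)


def classify(event):
    """Return (signature, severity) labels for one record; [] if nothing matches."""
    if event.get("EventID") != 13:
        return []
    target, details, image = event["TargetObject"], event["Details"], event["Image"]
    labels = []
    if RUN_KEY.search(target):
        # Escalate when the autostart target or the writing process sits in a
        # user-writable directory, which is where dropped payloads live.
        user_dir = USER_WRITABLE.search(details) or USER_WRITABLE.search(image)
        labels.append(("Adds Run key to start application",
                       "high" if user_dir else "medium"))
    if DEFENDER_RTP.search(target) and DWORD_ONE.match(details):
        labels.append(("Modifies Windows Defender Real-time Protection settings", "high"))
    return labels


def scan(events):
    """Run classify over a record stream; returns {record index: labels}."""
    alerts = {}
    for i, event in enumerate(events):
        labels = classify(event)
        if labels:
            alerts[i] = labels
    return alerts


if __name__ == "__main__":
    for idx, labels in scan(EVENTS).items():
        print(idx, EVENTS[idx]["Image"], labels)
```

One caveat on coverage: the third signature, enumerating Uninstall keys, is a registry read, and Sysmon registry events only record creates, deletes, renames and value sets, so no rule over this data source will see it. Catching that behaviour needs a data source that records registry queries (an EDR with registry read telemetry, or a sandbox run like this one).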

MITRE ATT&CK Enterprise v6

Tasks