General

  • Target

    cbecc0e3f9de795aec8153c04fb0a49aea5aafd75432308b144787bcb2e3ed26

  • Size

    1.1MB

  • Sample

    230302-h6pzlsbe51

  • MD5

    7f6536e7456dbb3d0812893eb21efbb9

  • SHA1

    1b80b471cdab31a1ce5f5e0ae23606c86b14e3bf

  • SHA256

    cbecc0e3f9de795aec8153c04fb0a49aea5aafd75432308b144787bcb2e3ed26

  • SHA512

    a18d597e4779527269a8c6e08b5da1a9db91e42e31539c244d685e8ac1d2ef72d4f21cbd21b0498dad7e544486010f08d36a666be1e578a9ac7cb2fe6499189a

  • SSDEEP

    24576:Vysc8c91t0G0NcChw3o1OmUX5M+bWWxxharHfBFCiL9JxyyCXKcLaSALR:w112GMBi2UJzyGYrPCij4yC6ZSA

Malware Config

Extracted

Family

redline

Botnet

rouch

C2

193.56.146.11:4162

Attributes
  • auth_value

    1b1735bcfc122c708eae27ca352568de

Extracted

Family

redline

Botnet

durov

C2

193.56.146.11:4162

Attributes
  • auth_value

    337984645d237df105d30aab7013119f

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser data such as saved credentials, cookies, autofill entries and browsing history.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
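The extracted configs above give one C2 endpoint shared by both RedLine botnets, and the signature list names two registry behaviours that leave host telemetry: the Run key write and the change to Windows Defender Real-time Protection settings. The script below is an added example, not code from tria.ge or from the report, showing how those three indicators can be turned into detection logic over endpoint logs. It assumes Sysmon-style events (Event ID 3 network connection, Event ID 13 registry value set) rendered one JSON object per line; the events, image paths and SIDs are constructed for the example. Registry reads (the Uninstall-key and browser-profile signatures) are not logged by Sysmon and are deliberately not covered.

```python
"""Match constructed Windows telemetry against the indicators in this report.

Added example; not code from tria.ge or the report. The events below are
constructed to look like Sysmon Event ID 3 (network connection) and
Event ID 13 (registry value set) rendered one JSON object per line, with
invented image paths and SIDs.
"""
import json
import re
from typing import Dict, List

# C2 endpoint from both extracted RedLine configs on this page.
C2_ENDPOINTS = {("193.56.146.11", 4162)}

# "Adds Run key to start application": ...\CurrentVersion\Run or RunOnce values.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE)
# Value data pointing into a user-writable location; used to cut Run-key noise
# from OS components that register themselves from System32.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)
# "Modifies Windows Defender Real-time Protection settings": policy values
# under ...\Windows Defender\Real-Time Protection being set to 1.
DEFENDER_RTP_RE = re.compile(
    r"\\Windows Defender\\Real-Time Protection\\"
    r"(DisableRealtimeMonitoring|DisableBehaviorMonitoring|"
    r"DisableIOAVProtection|DisableOnAccessProtection)$", re.IGNORECASE)

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 3, "Image": r"C:\Users\victim\AppData\Local\Temp\build.exe",
     "DestinationIp": "193.56.146.11", "DestinationPort": 4162},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\build.exe",
     "TargetObject": r"HKU\S-1-5-21-1\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\updater.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    # Benign: an OS component registering itself from System32.
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "Details": r"C:\Windows\System32\SecurityHealthSystray.exe"},
]
SAMPLE_LOG = "\n".join(json.dumps(e) for e in SAMPLE_EVENTS)


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one hit per line that matches a report indicator or signature."""
    hits: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        image = ev.get("Image", "")
        if ev.get("EventID") == 3:
            dst = (ev.get("DestinationIp"), int(ev.get("DestinationPort", 0)))
            if dst in C2_ENDPOINTS:
                hits.append({"rule": "redline_c2", "image": image,
                             "detail": f"{dst[0]}:{dst[1]}"})
        elif ev.get("EventID") == 13:
            target = ev.get("TargetObject", "")
            data = ev.get("Details", "")
            if DEFENDER_RTP_RE.search(target) and data.endswith("(0x00000001)"):
                hits.append({"rule": "defender_rtp_disabled", "image": image,
                             "detail": target})
            elif RUN_KEY_RE.search(target) and USER_WRITABLE_RE.search(data):
                hits.append({"rule": "run_key_persistence", "image": image,
                             "detail": f"{target} -> {data}"})
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit["rule"], hit["image"], hit["detail"], sep="\t")
```

The Run-key rule only fires when the value data points into a user-writable directory, which is why the svchost entry in the sample is not reported; without that filter a Run-key rule is too noisy to act on. The Defender rule keys on the data being set to 1 rather than on any write to the key, since Group Policy refreshes rewrite those values with 0.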
