General

  • Target

    adf91ca0c4c7dc56be25277cb2fb972b91c792908f9d74389a4eb1a24eaa3931

  • Size

    550KB

  • Sample

    230302-ntwjhscg42

  • MD5

    9f67db2dead062c26f84bd9bcf060ce8

  • SHA1

    55b3e441b7f398d10920c71f3f976b60f85d466e

  • SHA256

    adf91ca0c4c7dc56be25277cb2fb972b91c792908f9d74389a4eb1a24eaa3931

  • SHA512

    72e23ccc03b11d4d9a5f0121b9661d6574a272a4bafd03c575f57e234cad4596f69f14e568cd555a8c3ff5a8ac4c98de4d7527bd33349cb1bf7b9c24554863ee

  • SSDEEP

    12288:vMrOy90R7ZncbdZMq7FkLdiJ71kzC8D4bLrCHcB:ByUZncBx7aLdiJJkzebLrCHcB

Malware Config

Extracted

Family

redline

Botnet

stek

C2

melevv.eu:4162

Attributes

  • auth_value

    4205381daf6946b2df5fe3bc7eacc918

Extracted

Family

redline

Botnet

fomich

C2

melevv.eu:4162

Attributes

  • auth_value

    b018e52ac946001794d8b8c23e901859

Targets

    • Target

      adf91ca0c4c7dc56be25277cb2fb972b91c792908f9d74389a4eb1a24eaa3931

    • Size

      550KB

    • MD5

      9f67db2dead062c26f84bd9bcf060ce8

    • SHA1

      55b3e441b7f398d10920c71f3f976b60f85d466e

    • SHA256

      adf91ca0c4c7dc56be25277cb2fb972b91c792908f9d74389a4eb1a24eaa3931

    • SHA512

      72e23ccc03b11d4d9a5f0121b9661d6574a272a4bafd03c575f57e234cad4596f69f14e568cd555a8c3ff5a8ac4c98de4d7527bd33349cb1bf7b9c24554863ee

    • SSDEEP

      12288:vMrOy90R7ZncbdZMq7FkLdiJ71kzC8D4bLrCHcB:ByUZncBx7aLdiJJkzebLrCHcB

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks