Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    a5b64e80944a8bc466b913ba5c246eb24ed63f533c8beb15ccd697191fe165b1

  • Size

    551KB

  • Sample

    230302-swljjsde28

  • MD5

    1a0a9f0c29a3f2b902cc7964d1490d21

  • SHA1

    eccbf588d28ed6365b807f8bcc84098cc3bab829

  • SHA256

    a5b64e80944a8bc466b913ba5c246eb24ed63f533c8beb15ccd697191fe165b1

  • SHA512

    7bd062037c005f9342f5354b1dafe1b0c0351801e9115f7b5ee7bc54c92904844c8b2c5276494609000fe923eb626c32758c55696051b14c2df3578e067206ee

  • SSDEEP

    12288:JMrgy90dRvVAYbZ3gdnoceEwzLu8duuQ2M4fS:xyeV7b2oUk68YOM46

Malware Config

Extracted

Family

redline

Botnet

stek

C2

melevv.eu:4162

Attributes
  • auth_value

    4205381daf6946b2df5fe3bc7eacc918

Extracted

Family

redline

Botnet

fomich

C2

melevv.eu:4162

Attributes
  • auth_value

    b018e52ac946001794d8b8c23e901859

Targets

    • Target

      a5b64e80944a8bc466b913ba5c246eb24ed63f533c8beb15ccd697191fe165b1

    • Size

      551KB

    • MD5

      1a0a9f0c29a3f2b902cc7964d1490d21

    • SHA1

      eccbf588d28ed6365b807f8bcc84098cc3bab829

    • SHA256

      a5b64e80944a8bc466b913ba5c246eb24ed63f533c8beb15ccd697191fe165b1

    • SHA512

      7bd062037c005f9342f5354b1dafe1b0c0351801e9115f7b5ee7bc54c92904844c8b2c5276494609000fe923eb626c32758c55696051b14c2df3578e067206ee

    • SSDEEP

      12288:JMrgy90dRvVAYbZ3gdnoceEwzLu8duuQ2M4fS:xyeV7b2oUk68YOM46

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks