General

  • Target

    8f0f232752001beb182fed4ab489361acd37c387b78810016ec023bf4c3d0848

  • Size

    545KB

  • Sample

    230302-wjn1padf8t

  • MD5

    b95e1c267494500dd59b3ec940b7a20e

  • SHA1

    5fb8abf7feff5af9551a2142c4a53d041c6c314d

  • SHA256

    8f0f232752001beb182fed4ab489361acd37c387b78810016ec023bf4c3d0848

  • SHA512

    e1e2ef6c0717c9c15c54e8f596badb06537be231391e2ca2f8a59b5c02a449afa559d3ba99f699398ad656530225d901f493740d6c9f928a71eae38745a1dcb7

  • SSDEEP

    12288:ZMrgy90E4flZC37orkQffklz2RIz/FXvWt21Gf3hw4:RyJGXrpdqZut21Ge4

Malware Config

Extracted

Family

redline

Botnet

stek

C2

melevv.eu:4162

Attributes

  • auth_value

    4205381daf6946b2df5fe3bc7eacc918

Extracted

Family

redline

Botnet

fomich

C2

melevv.eu:4162

Attributes

  • auth_value

    b018e52ac946001794d8b8c23e901859

Targets

    • Target

      8f0f232752001beb182fed4ab489361acd37c387b78810016ec023bf4c3d0848

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
