General

  • Target

    74c9111723d8381390bd276efe5fba3b942d6bd53f1a6abab63258c9327ba010

  • Size

    694KB

  • Sample

    230303-e585baff9s

  • MD5

    b5b28a29864da3f471c40f4150b5c145

  • SHA1

    c992401ac17883a5147025706b2ca1ed2916ef52

  • SHA256

    74c9111723d8381390bd276efe5fba3b942d6bd53f1a6abab63258c9327ba010

  • SHA512

    56cbd73a537308ba4e605eecbbc900200cb4e193c24fd5f5be087501e00e83d50b2ca751f9542ea3d8165a8865595508b12aa332daede5bb1c2555938fa8f1a4

  • SSDEEP

    12288:oMrOy90leU0VFU2PflrNkGyOk0xbC+9hqmw/TE8dTNIYHL:2yUKVFVP9JkGyOXgJx5L

Malware Config

Extracted

Family

redline

Botnet

ruzhpe

C2

pepunn.com:4162

Attributes

  • auth_value

    f735ced96ae8d01d0bd1d514240e54e0

Extracted

Family

redline

Botnet

fchan

C2

pepunn.com:4162

Attributes

  • auth_value

    127bd53d55e8c4f0dd2f6e1ea60deef4

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks