General

  • Target: 78307c971ea622222f7f8cdba360c0c912b804acdb9fc28930a74f2225916274
  • Size: 673KB
  • Sample: 230303-n2krzsgg8s
  • MD5: 5caea57f970a2f9392fc480cd56e6598
  • SHA1: 97c4a12b8fac3c38650841109b9a714207cafd75
  • SHA256: 78307c971ea622222f7f8cdba360c0c912b804acdb9fc28930a74f2225916274
  • SHA512: ea1e7f10287fb1353b260145de9957936fa5d432a8a24b5cf5d39b92379c208a637c69a02534ab9bd6bb2d74d889911b7fb9e0d5a427f36a18da0a65af9e8391
  • SSDEEP: 12288:PMrmy90Lty8OFzXZ65keVi8/jflodWU0tGS4wpp5pePGjZivM2bFFe2B:5yoty9F8eeVi3L0gSTYPGNi0Kr

Malware Config

Extracted

  • Family: redline
  • Botnet: rosto
  • C2: hueref.eu:4162
  • Attributes
    • auth_value: 07d81eba8cad42bbd0ae60042d48eac6

Extracted

  • Family: redline
  • Botnet: flurs
  • C2: hueref.eu:4162
  • Attributes
    • auth_value: 967190a484bd63836957d2fa7d601592

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks