Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    5a3486545ad0bd7a4e261859218f4e17e488c548754a179ef826ba2558431b03

  • Size

    546KB

  • Sample

    230303-tave1aab85

  • MD5

    a6a17ee1d667a8134347bdc23323ce98

  • SHA1

    320990bcb550a6d260fbf61beb3c9bed9700807a

  • SHA256

    5a3486545ad0bd7a4e261859218f4e17e488c548754a179ef826ba2558431b03

  • SHA512

    1d6ea325a7c0a02aa246d7d01af74d7eff742ea0869bd5ec0ee02e1777ba8fc90808068cafbd5d8bf2d13ec741568a2572642b190d4e7d72fca079d69da9573b

  • SSDEEP

    12288:YMrZy90sh2Do7vIxuSKsmlX1+1Z1NJOtslMfc4Niqn3MtDPFcxAjf+:hy/23uSKsmh1+1Z1N4tY4cnDdljm

Malware Config

Extracted

Family

redline

Botnet

rosto

C2

hueref.eu:4162

Attributes
  • auth_value

    07d81eba8cad42bbd0ae60042d48eac6

Extracted

Family

redline

Botnet

foksa

C2

hueref.eu:4162

Attributes
  • auth_value

    6a9b2601a21672b285de3ed41b5402e4

Targets

    • Target

      5a3486545ad0bd7a4e261859218f4e17e488c548754a179ef826ba2558431b03

    • Size

      546KB

    • MD5

      a6a17ee1d667a8134347bdc23323ce98

    • SHA1

      320990bcb550a6d260fbf61beb3c9bed9700807a

    • SHA256

      5a3486545ad0bd7a4e261859218f4e17e488c548754a179ef826ba2558431b03

    • SHA512

      1d6ea325a7c0a02aa246d7d01af74d7eff742ea0869bd5ec0ee02e1777ba8fc90808068cafbd5d8bf2d13ec741568a2572642b190d4e7d72fca079d69da9573b

    • SSDEEP

      12288:YMrZy90sh2Do7vIxuSKsmlX1+1Z1NJOtslMfc4Niqn3MtDPFcxAjf+:hy/23uSKsmh1+1Z1N4tY4cnDdljm

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks