
General

  • Target

    331d29d790c435fc229fdd9cfd5e1eaa449851df24b670d3ad528eddce4ce109

  • Size

    659KB

  • Sample

    230304-d5ttysbh71

  • MD5

    0da70b7b891b432062dd018bccede909

  • SHA1

    ff177f625ddc986a1a7d6900d724b9139617da6d

  • SHA256

    331d29d790c435fc229fdd9cfd5e1eaa449851df24b670d3ad528eddce4ce109

  • SHA512

    6125e81a1f837517c2132114e08410a03f7623765fcd00267555da06bfb0feacdf6113662547b7317cdc9de9722a9dea173c8c0fb1adbd29b931fa1e227ccb27

  • SSDEEP

    12288:jMrvy90BoC6rwtbT1U1GlKZakXR87qS4ZjQZax51SFMzOhge:gyUoC6UtT1U2KZaUeTaf4Gyie

Malware Config

Extracted

Family

redline

Botnet

rosto

C2

hueref.eu:4162

Attributes
  • auth_value

    07d81eba8cad42bbd0ae60042d48eac6

Extracted

Family

redline

Botnet

foksa

C2

hueref.eu:4162

Attributes
  • auth_value

    6a9b2601a21672b285de3ed41b5402e4
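Both extracted configs point at the same C2 endpoint, hueref.eu:4162, and differ only in botnet tag and auth_value. The following is an added example, not tria.ge's or RedLine's code, that turns those configs into network indicators and runs them over constructed key=value log lines. The log format, the client and destination addresses (documentation ranges) and the DNS-answer correlation are assumptions for illustration; only the C2 host, port, botnet names and auth_values come from the report.

```python
"""Network IOCs from the RedLine configs above, run over constructed logs.
Added example; not tria.ge or RedLine code."""
import re
from dataclasses import dataclass

# Copied from the report's "Malware Config" section.
REDLINE_CONFIGS = [
    {"family": "redline", "botnet": "rosto", "c2": "hueref.eu:4162",
     "auth_value": "07d81eba8cad42bbd0ae60042d48eac6"},
    {"family": "redline", "botnet": "foksa", "c2": "hueref.eu:4162",
     "auth_value": "6a9b2601a21672b285de3ed41b5402e4"},
]

# Constructed log lines (not real traffic); 203.0.113.0/24, 198.51.100.0/24
# and 192.0.2.0/24 are documentation ranges.  Assumed format: timestamp
# followed by space-separated key=value pairs.
SAMPLE_LOG = [
    "2023-03-04T10:12:01Z type=dns client=10.0.0.15 query=hueref.eu answer=203.0.113.10 rcode=NOERROR",
    "2023-03-04T10:12:02Z type=conn src=10.0.0.15 dst=203.0.113.10 dport=4162 proto=tcp",
    "2023-03-04T10:12:05Z type=dns client=10.0.0.22 query=www.example.com answer=198.51.100.7 rcode=NOERROR",
    "2023-03-04T10:12:07Z type=conn src=10.0.0.22 dst=198.51.100.7 dport=443 proto=tcp",
    "2023-03-04T10:13:40Z type=conn src=10.0.0.31 dst=192.0.2.9 dport=4162 proto=tcp",
    "2023-03-04T10:14:00Z type=dns client=10.0.0.40 query=cdn.hueref.eu rcode=NXDOMAIN",
]


@dataclass(frozen=True, order=True)
class NetIoc:
    host: str   # C2 hostname, lower-case
    port: int   # C2 TCP port


def iocs_from_configs(configs):
    """Deduplicate the host:port C2 endpoints (both botnets share one here)."""
    found = set()
    for cfg in configs:
        host, _, port = cfg["c2"].rpartition(":")
        found.add(NetIoc(host.lower(), int(port)))
    return sorted(found)


def parse_kv(line):
    """Split a constructed log line into its fields; the timestamp is 'ts'."""
    ts, _, rest = line.partition(" ")
    fields = {"ts": ts}
    for m in re.finditer(r"(\w+)=(\S+)", rest):
        fields[m.group(1)] = m.group(2)
    return fields


def domain_matches(name, host):
    """True for the C2 host itself or any subdomain of it."""
    name = name.lower().rstrip(".")
    return name == host or name.endswith("." + host)


def scan_logs(lines, iocs):
    """Return (line_no, confidence, reason) hits.

    A DNS lookup of the C2 domain is a strong hit and its answer is
    remembered, so a later connection to that IP is strong too.  A
    connection matching only the C2 port is weak: 4162 is not reserved
    for RedLine, so the destination still has to be confirmed.
    """
    hosts = {i.host for i in iocs}
    ports = {i.port for i in iocs}
    resolved = set()
    hits = []
    for n, line in enumerate(lines, 1):
        f = parse_kv(line)
        if f.get("type") == "dns":
            q = f.get("query", "")
            if any(domain_matches(q, h) for h in hosts):
                hits.append((n, "strong", f"DNS lookup of C2 domain {q}"))
                if "answer" in f:
                    resolved.add(f["answer"])
        elif f.get("type") == "conn":
            dst, dport = f.get("dst"), int(f.get("dport", 0))
            if dst in resolved:
                hits.append((n, "strong", f"connection to {dst}:{dport}, resolved from C2 domain"))
            elif dport in ports:
                hits.append((n, "weak", f"connection to C2 port {dport} only; confirm {dst}"))
    return hits


if __name__ == "__main__":
    for n, conf, why in scan_logs(SAMPLE_LOG, iocs_from_configs(REDLINE_CONFIGS)):
        print(f"line {n}: [{conf}] {why}")
```

The correlation only works when the DNS answer precedes the connection in the log, which is the normal order for a single host; for logs from separate sensors, sort by timestamp first or resolve the domain out of band and add the resulting IPs to `resolved` directly.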

Targets

    • Target

      331d29d790c435fc229fdd9cfd5e1eaa449851df24b670d3ad528eddce4ce109

    • Size

      659KB

    • MD5

      0da70b7b891b432062dd018bccede909

    • SHA1

      ff177f625ddc986a1a7d6900d724b9139617da6d

    • SHA256

      331d29d790c435fc229fdd9cfd5e1eaa449851df24b670d3ad528eddce4ce109

    • SHA512

      6125e81a1f837517c2132114e08410a03f7623765fcd00267555da06bfb0feacdf6113662547b7317cdc9de9722a9dea173c8c0fb1adbd29b931fa1e227ccb27

    • SSDEEP

      12288:jMrvy90BoC6rwtbT1U1GlKZakXR87qS4ZjQZax51SFMzOhge:gyUoC6UtT1U2KZaUeTaf4Gyie

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser profile data, which can include saved credentials, cookies and autofill data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
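An added example, not from tria.ge or the sample, showing how to check a host for three of the registry behaviours listed above using an offline .reg export: the Windows Defender real-time protection policy switches, Run/RunOnce entries that point into user-writable directories, and the Uninstall-key enumeration the stealer itself performs. The export, the value names checked and the "user-writable path" heuristic are assumptions; the report does not say which specific values this sample modified.

```python
"""Offline triage of a registry export for the host artefacts listed above.
Added example; not tria.ge or RedLine code."""
import re

# Constructed .reg export (not from the sandbox run).  The report does not say
# which values this sample changed, so the standard locations are assumed.
# .reg strings escape backslashes and quotes with a backslash.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001
"DisableBehaviorMonitoring"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\user\\AppData\\Roaming\\Updater\\updater.exe"
"VMware User Process"="\"C:\\Program Files\\VMware\\VMware Tools\\vmtoolsd.exe\" -n vmusr"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip]
"DisplayName"="7-Zip 22.01 (x64)"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
"DisplayName"="Google Chrome"
'''

# Key paths are compared case-insensitively (parse_reg lower-cases them).
DEFENDER_RTP_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection",
)
DEFENDER_RTP_VALUES = {"DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
                       "DisableOnAccessProtection", "DisableIOAVProtection"}
RUN_KEYS = tuple(f"{hive}\\Software\\Microsoft\\Windows\\CurrentVersion\\{sub}"
                 for hive in ("HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE")
                 for sub in ("Run", "RunOnce"))
UNINSTALL_PREFIXES = tuple(
    f"HKEY_LOCAL_MACHINE\\SOFTWARE\\{wow}Microsoft\\Windows\\CurrentVersion\\Uninstall\\".lower()
    for wow in ("", "WOW6432Node\\"))
# Heuristic: persistence from these locations is worth a look (assumption).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


def _unescape(s):
    return re.sub(r'\\(["\\])', r'\1', s)


def _parse_value(v):
    if v.startswith('"') and v.endswith('"'):
        return ("REG_SZ", _unescape(v[1:-1]))
    if v.startswith("dword:"):
        return ("REG_DWORD", int(v[6:], 16))
    return ("RAW", v)   # hex:, hex(2): etc. kept verbatim, first line only


def parse_reg(text):
    """Parse a .reg export into {key.lower(): {value_name: (type, value)}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Windows Registry Editor", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
            continue
        m = re.match(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$', line)
        if m and current is not None:
            name = _unescape(m.group(1)) if m.group(1) is not None else ""
            keys[current][name] = _parse_value(m.group(2))
    return keys


def defender_rtp_disabled(reg):
    """(key, value_name) pairs where a real-time protection switch is set to 1."""
    return [(key, name)
            for key in DEFENDER_RTP_KEYS
            for name, (kind, val) in reg.get(key.lower(), {}).items()
            if name in DEFENDER_RTP_VALUES and kind == "REG_DWORD" and val == 1]


def suspicious_run_entries(reg):
    """Run/RunOnce values whose command lives in a user-writable directory."""
    return [(key, name, cmd)
            for key in RUN_KEYS
            for name, (_, cmd) in reg.get(key.lower(), {}).items()
            if isinstance(cmd, str) and any(m in cmd.lower() for m in USER_WRITABLE)]


def installed_software(reg):
    """DisplayName of every Uninstall subkey: the list the stealer enumerates."""
    return sorted(values["DisplayName"][1]
                  for key, values in reg.items()
                  if key.startswith(UNINSTALL_PREFIXES) and "DisplayName" in values)


if __name__ == "__main__":
    reg = parse_reg(SAMPLE_REG)
    print("Defender RTP switches set:", defender_rtp_disabled(reg))
    print("Run entries in user-writable paths:", suspicious_run_entries(reg))
    print("Installed software:", installed_software(reg))
```

`reg export` writes UTF-16LE by default, so decode a real export with `utf-16` before passing it to `parse_reg`. Multi-line `hex:` values (continuation lines ending in a backslash) are not joined by this parser; only the first line is kept as a `RAW` entry. Note that the Defender switches under the Policies key are only honoured when tamper protection is off, so a set value is evidence of an attempt, not proof that protection was actually disabled.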
