General

  • Target: 3180f6ae841274a340259635593276434140680d051fe737af8f759bf21bfdc2
  • Size: 530KB
  • Sample: 230304-eg2ekaca2w
  • MD5: e1ae5a4c2c9a52b78c720b2feb361aa0
  • SHA1: 039de53a0a96d488fbd079674cf59a2da863cd21
  • SHA256: 3180f6ae841274a340259635593276434140680d051fe737af8f759bf21bfdc2
  • SHA512: 0ea44b968dcdccfebe033b585b05c6b0fccd9b2ad1ec55e90f3c1d2931e242ecf462f26dc956fa709ff1c5a1871441d983a2c0a4154671291b4dfaeef431fff5
  • SSDEEP: 12288:CMrmy90/jd8g/GwjK1HWQZWAQ3Z5MThBtSu:8y4ug/BwWNszJ

Malware Config

Extracted

  • Family: redline
  • Botnet: rosto
  • C2: hueref.eu:4162
  • Attributes
    • auth_value: 07d81eba8cad42bbd0ae60042d48eac6

Extracted

  • Family: redline
  • Botnet: foksa
  • C2: hueref.eu:4162
  • Attributes
    • auth_value: 6a9b2601a21672b285de3ed41b5402e4

Targets

    • Target: 3180f6ae841274a340259635593276434140680d051fe737af8f759bf21bfdc2

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
