Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7bca9b8c64ac05d8e80ddd2dc5d21f4c3cf4e3b843841b2aaa7c1a1fd80889f7

  • Size

    546KB

  • Sample

    230304-ffepvacg56

  • MD5

    0f062aba922cd4ad2a6042fa0b728cbc

  • SHA1

    1441bd1f1312f6b6745f4d9e6e3e82fb3b5c1899

  • SHA256

    7bca9b8c64ac05d8e80ddd2dc5d21f4c3cf4e3b843841b2aaa7c1a1fd80889f7

  • SHA512

    ce219bf1e83ceccc9ad0c633166b84009d22fc5281ba59943c563d7a639a13f6c295c893940803948715498acf349a0355d7258b5bff136854428d841fa3be05

  • SSDEEP

    6144:KXy+bnr+2p0yN90QELOSwbSU3feGIeUT7vXyjz6lGh1CIaE/b4756MmOPeR7J4BX:RMrey909U6ecub/TctLfs7eKb+

Score
10/10
redlinefomichstekdiscoveryevasioninfostealerpersistencespywarestealertrojan

Malware Config

Extracted

Family

redline

Botnet

stek

C2

melevv.eu:4162

Attributes
  • auth_value

    4205381daf6946b2df5fe3bc7eacc918

Extracted

Family

redline

Botnet

fomich

C2

melevv.eu:4162

Attributes
  • auth_value

    b018e52ac946001794d8b8c23e901859

Targets

    • Target

      7bca9b8c64ac05d8e80ddd2dc5d21f4c3cf4e3b843841b2aaa7c1a1fd80889f7

    • Size

      546KB

    • MD5

      0f062aba922cd4ad2a6042fa0b728cbc

    • SHA1

      1441bd1f1312f6b6745f4d9e6e3e82fb3b5c1899

    • SHA256

      7bca9b8c64ac05d8e80ddd2dc5d21f4c3cf4e3b843841b2aaa7c1a1fd80889f7

    • SHA512

      ce219bf1e83ceccc9ad0c633166b84009d22fc5281ba59943c563d7a639a13f6c295c893940803948715498acf349a0355d7258b5bff136854428d841fa3be05

    • SSDEEP

      6144:KXy+bnr+2p0yN90QELOSwbSU3feGIeUT7vXyjz6lGh1CIaE/b4756MmOPeR7J4BX:RMrey909U6ecub/TctLfs7eKb+

    Score
    10/10
    redlinefomichstekdiscoveryevasioninfostealerpersistencespywarestealertrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Windows security modification

      evasiontrojan

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks