General

  • Target

    cce03db758554e7162259948e471d558d97ffb02ed5284debfcc9c2ad4dd1040

  • Size

    659KB

  • Sample

    230304-fx5ycsch44

  • MD5

    09ee40cdf9bb0ac0f8d08893a4308016

  • SHA1

    d099b1f19f300691f8621928eb33fd5c5f011cfd

  • SHA256

    cce03db758554e7162259948e471d558d97ffb02ed5284debfcc9c2ad4dd1040

  • SHA512

    93984354f963acd12a35aebcd4032cfeba2df057ab761ff8c0576e0e5429e0c1215c7c5fcbc06eb63e8bd60962d12e128c150b7372f4e50620e8626f203eee8a

  • SSDEEP

    12288:TMrgy90evpJcRtH7lUJW6TEvmeiLjhklnwfoio1AwAQEiXTG9g:Hy2tH5sxEOjjhInMcHXTX

Malware Config

Extracted

Family

redline

Botnet

rosto

C2

hueref.eu:4162

Attributes

  • auth_value

    07d81eba8cad42bbd0ae60042d48eac6

Extracted

Family

redline

Botnet

foksa

C2

hueref.eu:4162

Attributes

  • auth_value

    6a9b2601a21672b285de3ed41b5402e4

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
