Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    39da6daa95ea93726cc20cfaaf17ad7e7659b5a5fb2928f34be8679b6d987103

  • Size

    560KB

  • Sample

    230306-p7c5rscd45

  • MD5

    c157049b914f3024400917c2c1897836

  • SHA1

    fd4653c6777e729cf4f2393a3565643fb4340e09

  • SHA256

    39da6daa95ea93726cc20cfaaf17ad7e7659b5a5fb2928f34be8679b6d987103

  • SHA512

    1b90e3d6eff07d2e4e6cc0659095f447741c6d4b0e75ab24bb91c957e8b1e9931f4b2dc2968309b0ee6a5fdeb141f9c883ada06fd229e9b6f5eb506f780d0cbc

  • SSDEEP

    12288:xMrqy90stAM3tKcg8LQsLcBC8hXRP8FIBkiT:LyB3tAyZo7hXiIyiT

Malware Config

Extracted

Family

redline

Botnet

fud

C2

193.233.20.27:4123

Attributes
  • auth_value

    cddc991efd6918ad5321d80dac884b40

Extracted

Family

redline

Botnet

fabio

C2

193.233.20.27:4123

Attributes
  • auth_value

    56b82736c3f56b13be8e64c87d2cf9e5

Targets

    • Target

      39da6daa95ea93726cc20cfaaf17ad7e7659b5a5fb2928f34be8679b6d987103

    • Size

      560KB

    • MD5

      c157049b914f3024400917c2c1897836

    • SHA1

      fd4653c6777e729cf4f2393a3565643fb4340e09

    • SHA256

      39da6daa95ea93726cc20cfaaf17ad7e7659b5a5fb2928f34be8679b6d987103

    • SHA512

      1b90e3d6eff07d2e4e6cc0659095f447741c6d4b0e75ab24bb91c957e8b1e9931f4b2dc2968309b0ee6a5fdeb141f9c883ada06fd229e9b6f5eb506f780d0cbc

    • SSDEEP

      12288:xMrqy90stAM3tKcg8LQsLcBC8hXRP8FIBkiT:LyB3tAyZo7hXiIyiT

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks