General

  • Target: 9d98887da237676528795fc16cc28242.bin
  • Size: 479KB
  • Sample: 230307-b22dhsgf36
  • MD5: 85c4638c1b9360beea2580ae0b42fe8f
  • SHA1: af8c19309c1a84159de73033fb741597df50f81a
  • SHA256: f30887d35a147a630c14b5d963ac85e8d8e10f227e1dabfa692b8c6be59cd045
  • SHA512: 22254802c763b00a0a12930d55b10f5ee5a2e6bd013eed062de86278c5238701042d4dceb4bb32e738c9411a177b6e81239eaff2212d6d815d34e59bb143f7ca
  • SSDEEP: 12288:CZArne5rRAWxIb/f9exXMA4C7xEXRRKHjtECKu:kAriO/FaSmx2RAjt2u

Malware Config

Two RedLine configurations were extracted. Both point at the same C2 endpoint and differ only in botnet tag and auth_value.

Extracted

  • Family: redline
  • Botnet: fud
  • C2: 193.233.20.27:4123
  • Attributes
    • auth_value: cddc991efd6918ad5321d80dac884b40

Extracted

  • Family: redline
  • Botnet: fabio
  • C2: 193.233.20.27:4123
  • Attributes
    • auth_value: 56b82736c3f56b13be8e64c87d2cf9e5

Targets

  • Target: a9a79e838aa44a567de917e6cfceac32d31d490be8721790d73faee90fa37425.exe
  • Size: 530KB
  • MD5: 9d98887da237676528795fc16cc28242
  • SHA1: 5fac23c5983cb857dec0ac79f4d9491f9a3cb99d
  • SHA256: a9a79e838aa44a567de917e6cfceac32d31d490be8721790d73faee90fa37425
  • SHA512: 2262ed94830c4bc627f6f924d966442dc4d08084515e46cbaabd7adf07b2b4e64df65b7b6dd6583e6d43f5a474ee9d8f92a05ef190b993d8502c59c29e8471ca
  • SSDEEP: 12288:4MrNy902v5yPNzLa5YdCKvVFZuMBJhRX3wDb1YJks:VyxvsPNvaKbvFR/hRIbqJr
  • Modifies Windows Defender Real-time Protection settings
  • RedLine
    RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  • RedLine payload
  • Executes dropped EXE
  • Loads dropped DLL
  • Reads user/profile data of web browsers
    Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.
  • Windows security modification
  • Accesses cryptocurrency files/wallets, possible credential harvesting
  • Adds Run key to start application
  • Checks installed software on the system
    Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate software on the system.
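The report lists the indicators (C2 endpoint, hashes) and the behaviours it saw, but not how they show up in host telemetry. The Python below is an added example, not part of the tria.ge report, that maps the C2 endpoint from the Malware Config section, the two SHA256 hashes, and two of the registry behaviours listed above onto Sysmon-style events and correlates hits per process. The events, process IDs and file paths are constructed; the registry paths (the per-user Run key and the Windows Defender Real-Time Protection policy key) are the standard locations and are assumptions, since the report does not list the exact keys the sample wrote. Sysmon does not record registry reads, so the Uninstall-key enumeration has no event here.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Indicators taken from the report above.
C2_HOST, C2_PORT = "193.233.20.27", 4123
REDLINE_SHA256 = {
    "f30887d35a147a630c14b5d963ac85e8d8e10f227e1dabfa692b8c6be59cd045",  # submitted .bin
    "a9a79e838aa44a567de917e6cfceac32d31d490be8721790d73faee90fa37425",  # nested .exe
}

# Standard registry locations behind two of the report's signatures. The report
# does not list the exact keys the sample wrote, so these paths are assumptions.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
DEFENDER_RTP_RE = re.compile(
    r"\\Windows Defender\\Real-Time Protection\\"
    r"Disable(RealtimeMonitoring|BehaviorMonitoring|OnAccessProtection|IOAVProtection)$",
    re.I)


@dataclass(frozen=True)
class Finding:
    rule: str
    pid: int
    detail: str


def sha256_from_hashes(hashes: str) -> Optional[str]:
    """Extract the SHA256 from a Sysmon 'Hashes' field ('SHA256=AB..,MD5=..')."""
    for part in hashes.split(","):
        algo, _, value = part.partition("=")
        if algo.strip().upper() == "SHA256":
            return value.strip().lower()
    return None


def check_event(ev: dict) -> list[Finding]:
    """Map one Sysmon-style event onto the behaviours the report flags."""
    pid = int(ev.get("ProcessId", 0))
    found: list[Finding] = []
    eid = ev["EventID"]
    if eid == 1:  # process creation: a known RedLine hash was executed
        digest = sha256_from_hashes(ev.get("Hashes", ""))
        if digest in REDLINE_SHA256:
            found.append(Finding("known_redline_hash", pid, digest))
    elif eid == 3:  # network connection: C2 host and port from the extracted config
        if (ev.get("DestinationIp") == C2_HOST
                and int(ev.get("DestinationPort", 0)) == C2_PORT):
            found.append(Finding("redline_c2", pid, f"{C2_HOST}:{C2_PORT}"))
    elif eid == 13:  # registry value set
        target = ev.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            found.append(Finding("run_key_persistence", pid, target))
        # Sysmon renders DWORDs as 'DWORD (0x00000001)'; a value of 1 disables the feature.
        if DEFENDER_RTP_RE.search(target) and ev.get("Details") == "DWORD (0x00000001)":
            found.append(Finding("defender_rtp_disabled", pid, target))
    return found


def triage(events: list[dict]) -> dict[int, set[str]]:
    """Collect the distinct rules each process tripped."""
    hits: dict[int, set[str]] = {}
    for ev in events:
        for f in check_event(ev):
            hits.setdefault(f.pid, set()).add(f.rule)
    return hits


def suspicious_pids(events: list[dict], min_rules: int = 2) -> list[int]:
    """A process tripping several of the report's behaviours is the real signal;
    a lone Run-key write is routine for legitimate installers."""
    return sorted(pid for pid, rules in triage(events).items() if len(rules) >= min_rules)


# Constructed Sysmon-style events (not from the report). PID 4242 mimics the
# sample's reported behaviour; PID 900 is a benign installer writing a Run key.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 4242,
     "Image": r"C:\Users\victim\AppData\Local\Temp\update.exe",
     "Hashes": "SHA256=A9A79E838AA44A567DE917E6CFCEAC32D31D490BE8721790D73FAEE90FA37425,"
               "MD5=9D98887DA237676528795FC16CC28242"},
    {"EventID": 3, "ProcessId": 4242, "DestinationIp": "193.233.20.27", "DestinationPort": 4123},
    {"EventID": 13, "ProcessId": 4242,
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "ProcessId": 4242,
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Local\Temp\update.exe"},
    {"EventID": 13, "ProcessId": 900,
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
    {"EventID": 3, "ProcessId": 900, "DestinationIp": "193.233.20.27", "DestinationPort": 443},
]

if __name__ == "__main__":
    for pid, rules in sorted(triage(SAMPLE_EVENTS).items()):
        print(pid, sorted(rules))
    print("suspicious:", suspicious_pids(SAMPLE_EVENTS))
```

The per-process correlation is the part worth keeping: in the constructed data the benign installer also writes a Run key and even talks to the C2 address on a different port, yet only the process that trips several of the report's behaviours is flagged. Feed real Sysmon events (parsed from the Windows event log or a SIEM export) into the same dictionaries to hunt for this sample.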
