General

  • Target

    79cbdcbc3657f42e3e23e0347cc380db70648317cc497f9f92c4341dafae3b18

  • Size

    717KB

  • Sample

    230307-v3vrxaad6s

  • MD5

    b6f69d073ca957a77fa9fd5c2b48f840

  • SHA1

    6e9e3dcc63bf6d7ccc286c4c001e5c63c70a7b4f

  • SHA256

    79cbdcbc3657f42e3e23e0347cc380db70648317cc497f9f92c4341dafae3b18

  • SHA512

    f0fc6875d3b1c1f83f6285e502dd7eb3ee71a3a53e775692fa70c836fa04ff05572de3d055a511ba6c2c9295139d59b9e2460410a538105ff71b86d4b1dd333d

  • SSDEEP

    12288:PMrBy90J/Ax/XQFupIA/aagZM//hou1/2uD5QnG4fLUQl9Z:yyIAJuuh3mIezDZ

Malware Config

Extracted

Family

redline

Botnet

fud

C2

193.233.20.27:4123

Attributes
  • auth_value

    cddc991efd6918ad5321d80dac884b40

Extracted

Family

redline

Botnet

misha

C2

193.56.146.11:4173

Attributes
  • auth_value

    e17e441c954db214b94a603a7b0b1aea
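
The two extracted configurations above give concrete network indicators (C2 host and port per botnet). The following is an added example, not code from tria.ge or from the report, showing how an analyst would turn them into detection content: it builds an ip:port lookup from the configs, emits one Suricata rule per endpoint, and checks a constructed connection log for flows to those endpoints. The log format, the SIDs and the sample flows are assumptions for illustration; only the C2 addresses, botnet names and auth_value strings are taken from the page.

```python
import re

# The two RedLine configurations extracted on the report page, copied verbatim.
EXTRACTED_CONFIGS = [
    {"family": "redline", "botnet": "fud",
     "c2": "193.233.20.27:4123",
     "auth_value": "cddc991efd6918ad5321d80dac884b40"},
    {"family": "redline", "botnet": "misha",
     "c2": "193.56.146.11:4173",
     "auth_value": "e17e441c954db214b94a603a7b0b1aea"},
]


def c2_endpoints(configs):
    """Map (ip, port) -> botnet name for every extracted C2 endpoint."""
    out = {}
    for cfg in configs:
        host, port = cfg["c2"].rsplit(":", 1)
        out[(host, int(port))] = cfg["botnet"]
    return out


def suricata_rules(configs, base_sid=9000001):
    """Emit one Suricata alert rule per C2 endpoint (outbound TCP to ip:port).

    base_sid is an arbitrary starting rule ID chosen for this example.
    """
    rules = []
    for i, ((host, port), botnet) in enumerate(sorted(c2_endpoints(configs).items())):
        rules.append(
            f'alert tcp $HOME_NET any -> {host} {port} '
            f'(msg:"RedLine C2 ({botnet}) {host}:{port}"; flow:to_server; '
            f'sid:{base_sid + i}; rev:1;)'
        )
    return rules


# Constructed connection-log lines in "ts src -> dst proto" form.
# Illustrative only; this is not telemetry from the analysed sample.
SAMPLE_CONNLOG = """\
2023-03-07T16:10:01Z 10.0.0.5:50112 -> 142.250.74.78:443 tcp
2023-03-07T16:10:09Z 10.0.0.5:50113 -> 193.233.20.27:4123 tcp
2023-03-07T16:10:09Z 10.0.0.5:50114 -> 193.233.20.27:80 tcp
2023-03-07T16:12:44Z 10.0.0.7:50201 -> 193.56.146.11:4173 tcp
"""

LINE_RE = re.compile(r"^(\S+) (\S+):(\d+) -> (\S+):(\d+) (\w+)$")


def match_connections(configs, log_text):
    """Return (timestamp, src_ip, botnet) for each flow to a known C2 ip:port.

    The match is on the exact ip:port pair from the config, so the flow to
    193.233.20.27:80 in the sample log is deliberately not reported.
    """
    endpoints = c2_endpoints(configs)
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, src_ip, _src_port, dst_ip, dst_port, _proto = m.groups()
        botnet = endpoints.get((dst_ip, int(dst_port)))
        if botnet:
            hits.append((ts, src_ip, botnet))
    return hits


if __name__ == "__main__":
    for rule in suricata_rules(EXTRACTED_CONFIGS):
        print(rule)
    for ts, src, botnet in match_connections(EXTRACTED_CONFIGS, SAMPLE_CONNLOG):
        print(f"{ts} {src} contacted RedLine C2 for botnet '{botnet}'")
```

Matching on the full ip:port pair keeps the indicator tight; if the C2 host is suspected of serving other ports as well, relax the lookup to the IP alone and accept the extra noise.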

Targets

    • Target

      79cbdcbc3657f42e3e23e0347cc380db70648317cc497f9f92c4341dafae3b18

    • Size

      717KB

    • MD5

      b6f69d073ca957a77fa9fd5c2b48f840

    • SHA1

      6e9e3dcc63bf6d7ccc286c4c001e5c63c70a7b4f

    • SHA256

      79cbdcbc3657f42e3e23e0347cc380db70648317cc497f9f92c4341dafae3b18

    • SHA512

      f0fc6875d3b1c1f83f6285e502dd7eb3ee71a3a53e775692fa70c836fa04ff05572de3d055a511ba6c2c9295139d59b9e2460410a538105ff71b86d4b1dd333d

    • SSDEEP

      12288:PMrBy90J/Ax/XQFupIA/aagZM//hou1/2uD5QnG4fLUQl9Z:yyIAJuuh3mIezDZ

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and form autofill data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
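
Three of the signatures above are registry behaviours: setting Windows Defender Real-time Protection policy values, writing a Run key for persistence, and enumerating the Uninstall key to list installed software. The following is an added example, not code from tria.ge or from the report, showing how those behaviours can be recognised in a registry operation trace. The trace format (op|path|value|data) and the sample lines are constructed for illustration and are not the trace recorded for this sample; the registry paths and Defender value names are the standard locations these signatures are built around.

```python
import re
from collections import defaultdict

# Constructed registry-trace lines in "op|path|value|data" form.
# Illustrative only; this is not the actual trace recorded for this sample.
SAMPLE_TRACE = """\
RegOpenKey|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall||
RegEnumKey|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall|{ExampleApp-GUID}|
RegQueryValue|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{ExampleApp-GUID}|DisplayName|Example App 1.0
RegSetValue|HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection|DisableRealtimeMonitoring|1
RegSetValue|HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run|Updater|C:\\Users\\user\\AppData\\Roaming\\updater.exe
RegSetValue|HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced|Hidden|1
"""

# Policy values under ...\Windows Defender\Real-Time Protection that turn
# real-time protection components off when set to 1.
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
    "DisableIOAVProtection",
}

# (signature name as shown in the report, predicate over one trace row)
RULES = [
    ("Modifies Windows Defender Real-time Protection settings",
     lambda op, path, value, data: op == "RegSetValue"
         and path.lower().endswith("\\windows defender\\real-time protection")
         and value in DEFENDER_RTP_VALUES),
    ("Adds Run key to start application",
     lambda op, path, value, data: op == "RegSetValue"
         and re.search(r"\\currentversion\\run(once)?$", path.lower()) is not None),
    ("Checks installed software on the system",
     lambda op, path, value, data: op in {"RegOpenKey", "RegEnumKey", "RegQueryValue"}
         and "\\currentversion\\uninstall" in path.lower()),
]


def parse_trace(text):
    """Split the trace into (op, path, value, data) rows; blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        op, path, value, data = line.split("|", 3)
        rows.append((op, path, value, data))
    return rows


def classify(text):
    """Return {signature name: [matching rows]} for every rule that fired."""
    hits = defaultdict(list)
    for row in parse_trace(text):
        for name, pred in RULES:
            if pred(*row):
                hits[name].append(row)
    return dict(hits)


if __name__ == "__main__":
    for name, rows in classify(SAMPLE_TRACE).items():
        print(f"[{name}] {len(rows)} event(s)")
        for op, path, value, data in rows:
            print(f"    {op} {path} {value}={data}".rstrip(" ="))
```

The Uninstall-key rule fires on reads rather than writes, so it needs a trace that records key opens and enumerations (a sandbox API trace, or a tool that hooks registry queries); tooling that only logs value writes will see the Defender and Run key changes but not the software enumeration.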

MITRE ATT&CK Enterprise v6

Tasks