General

  • Target: f65a89f6d7b12cc4972278bd37dd813709efdff2074825a2b32499d485caaccf
  • Size: 569KB
  • Sample: 230308-1hnezsgb8z
  • MD5: dd6103aab40fe105ecd39e4f5db83fe4
  • SHA1: 8aa367127ce6ebe413ed923b77975436ccbb2525
  • SHA256: f65a89f6d7b12cc4972278bd37dd813709efdff2074825a2b32499d485caaccf
  • SHA512: 24bc6978cec0f690fce8a3610d80a73aab31e6ab61b8a759a1b86ddffeb703856d9557aea47a2a734b233a48b96f0d63bd0c927b2b6986f4dc7963af75b37a52
  • SSDEEP: 12288:RMrsy90gahimz7AuxqVrhAfM7hjpKewASe4Ts3q:5y5sVAuxY1T738pL

Malware Config

Extracted

  • Family: redline
  • Botnet: mango
  • C2: 193.233.20.28:4125
  • Attributes
    • auth_value: ecf79d7f5227d998a3501c972d915d23

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
