General

  • Target

    d97b60f4850c1f39e4aaecd2f4036328ee8b5cfcc28b16c72ca53c2326d049b6

  • Size

    392KB

  • Sample

    230309-a2ap5ahg83

  • MD5

    93fd4254348af868de495d6faf8a01dd

  • SHA1

    00c0d87e84163370edf6dce2d2df276c966c8fac

  • SHA256

    d97b60f4850c1f39e4aaecd2f4036328ee8b5cfcc28b16c72ca53c2326d049b6

  • SHA512

    c5c5886799b6a3a90e00d3a0794f75f3d5a139504ccf626d5384cd94348f491f8767a9a3f840c461af91fb9a19d8fdaf2497d50817ec4bb62d2f5eac56c354ba

  • SSDEEP

    6144:KGy+bnr+Zp0yN90QEBaLeaUAjviz02E9+zqBbQlbJVeAJT8zl/D4aolh6L:SMrJy90QeaUAjY029aQp0zWaL

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes
  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Target

      d97b60f4850c1f39e4aaecd2f4036328ee8b5cfcc28b16c72ca53c2326d049b6

    • Size

      392KB

    • MD5

      93fd4254348af868de495d6faf8a01dd

    • SHA1

      00c0d87e84163370edf6dce2d2df276c966c8fac

    • SHA256

      d97b60f4850c1f39e4aaecd2f4036328ee8b5cfcc28b16c72ca53c2326d049b6

    • SHA512

      c5c5886799b6a3a90e00d3a0794f75f3d5a139504ccf626d5384cd94348f491f8767a9a3f840c461af91fb9a19d8fdaf2497d50817ec4bb62d2f5eac56c354ba

    • SSDEEP

      6144:KGy+bnr+Zp0yN90QEBaLeaUAjviz02E9+zqBbQlbJVeAJT8zl/D4aolh6L:SMrJy90QeaUAjY029aQp0zWaL

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers routinely harvest browser profile data, which can include saved credentials, cookies, session tokens and autofill entries.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Enumerates installed software by reading the subkeys of the registry's Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its HKCU/WOW6432Node counterparts).
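The behaviours listed above (Defender real-time protection tampering, a Run-key autostart, and a connection to the extracted C2) map onto detection logic a SOC would run over endpoint telemetry. The following is an added example, not part of the Triage report or its task output: it applies three rules to constructed, Sysmon-style event lines (EventID 13 = registry value set, EventID 3 = network connection) and then correlates hits per process image, since a single process matching several rules is a far stronger signal than any one rule alone. The C2 address and port are taken from the report's Malware Config; the event lines, file paths, the `d97b60f4.exe` name and the Defender/Run registry paths are assumptions for illustration (the registry paths are the standard Windows locations). Uninstall-key enumeration is a registry read, which Sysmon does not record, so that signature is deliberately left out.

```python
"""Hunt for the behaviours this report attributes to the sample.

Added example, not code from the Triage report.  Runs over constructed
Sysmon-style events embedded below; field names follow Sysmon, but the
lines, paths and process names are made up.  C2_IP/C2_PORT come from the
report's extracted config.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# From the report's "Malware Config" section.
C2_IP = "193.233.20.28"
C2_PORT = "4125"

# Defender real-time protection is controlled by DWORD values under this
# policy key; setting one of these to 1 disables that protection component.
DEFENDER_KEY_RE = re.compile(
    r"\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\(\w+)$", re.I
)
DEFENDER_DISABLE_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableOnAccessProtection",
    "DisableIOAVProtection",
    "DisableScanOnRealtimeEnable",
}
# Per-user / per-machine autostart ("Adds Run key to start application").
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I
)


@dataclass(frozen=True)
class Alert:
    rule: str
    image: str
    detail: str


def parse_event(line):
    """Turn one key="value" event line into a dict."""
    return dict(re.findall(r'(\w+)="([^"]*)"', line))


def registry_dword(details):
    """Extract the integer from a Sysmon Details field like 'DWORD (0x00000001)'."""
    m = re.search(r"0x([0-9a-fA-F]+)", details)
    return int(m.group(1), 16) if m else None


def detect(lines):
    """Apply the three rules to every event and return the alerts raised."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        image = ev.get("Image", "?")
        if ev.get("EventID") == "13":
            target = ev.get("TargetObject", "")
            details = ev.get("Details", "")
            m = DEFENDER_KEY_RE.search(target)
            if m and m.group(1) in DEFENDER_DISABLE_VALUES and registry_dword(details) == 1:
                alerts.append(Alert("defender_rtp_tamper", image, m.group(1)))
            elif RUN_KEY_RE.search(target):
                alerts.append(Alert("run_key_persistence", image, details))
        elif ev.get("EventID") == "3":
            if ev.get("DestinationIp") == C2_IP and ev.get("DestinationPort") == C2_PORT:
                alerts.append(Alert("redline_c2", image, f"{C2_IP}:{C2_PORT}"))
    return alerts


def correlate(alerts, min_rules=2):
    """Group alerts by process image and keep images that tripped at least
    min_rules distinct rules; a lone Run-key write by an installer is noise,
    the same write next to Defender tampering and C2 traffic is not."""
    by_image = defaultdict(set)
    for a in alerts:
        by_image[a.image].add(a.rule)
    return {img: sorted(rules) for img, rules in by_image.items() if len(rules) >= min_rules}


# Constructed sample events (assumed paths; not from the report's task output).
SAMPLE = r"C:\Users\victim\AppData\Local\Temp\d97b60f4.exe"
EVENTS = [
    rf'EventID="13" Image="{SAMPLE}" TargetObject="HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring" Details="DWORD (0x00000001)"',
    rf'EventID="13" Image="{SAMPLE}" TargetObject="HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater" Details="C:\Users\victim\AppData\Roaming\updater.exe"',
    rf'EventID="3" Image="{SAMPLE}" DestinationIp="193.233.20.28" DestinationPort="4125"',
    # Benign noise: a browser's normal TLS traffic, an installer writing its
    # own Run entry, and an admin tool re-enabling real-time protection (value 0).
    r'EventID="3" Image="C:\Program Files\Mozilla Firefox\firefox.exe" DestinationIp="93.184.216.34" DestinationPort="443"',
    r'EventID="13" Image="C:\Windows\System32\msiexec.exe" TargetObject="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExampleApp" Details="C:\Program Files\Example\app.exe"',
    r'EventID="13" Image="C:\Windows\System32\gpupdate.exe" TargetObject="HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring" Details="DWORD (0x00000000)"',
]


if __name__ == "__main__":
    found = detect(EVENTS)
    for a in found:
        print(f"{a.rule:22} {a.image}  {a.detail}")
    print("high confidence:", correlate(found))
```

Run stand-alone, the script raises one alert per rule for the sample process plus a lone Run-key alert for msiexec.exe; only the sample survives the correlation step. The Defender rule requires the written value to be 1, so a policy refresh that sets DisableRealtimeMonitoring back to 0 is not flagged.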
