
General

  • Target: 4c0988399789206cf730c3a47b292c18c78df325a2c466960754bd2e3529609b
  • Size: 393KB
  • Sample: 230309-dz43qsad37
  • MD5: b43dcf8dccf6a46dbc7194a5f28f7b97
  • SHA1: f6ad2782b373a9bc583451904bff58b552af74c7
  • SHA256: 4c0988399789206cf730c3a47b292c18c78df325a2c466960754bd2e3529609b
  • SHA512: f29d251d99f3c2583584a9369e3fc9d438bff1823567ab59717d3dc45dd33ec5333d97c417caa58e6776e0b70bc109aad51460b46cc08e8795ffad1b00f30f45
  • SSDEEP: 6144:Kxy+bnr+xp0yN90QEh7N9Je8brlCnfrPkEYhvakTIQ68FM2IMrBHdL:bMrxy90jNFVczPkxhv/IQ68FHL

Malware Config

Extracted

  • Family: redline
  • Botnet: mango
  • C2: 193.233.20.28:4125
  • Attributes
      • auth_value: ecf79d7f5227d998a3501c972d915d23

Targets

    • Target: 4c0988399789206cf730c3a47b292c18c78df325a2c466960754bd2e3529609b (393KB)
      MD5, SHA1, SHA256, SHA512 and SSDEEP for this target are identical to the values listed in the General section above.

    • Modifies Windows Defender Real-time Protection settings
    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Executes dropped EXE
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
    • Windows security modification
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Adds Run key to start application
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks