Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    fa2dacfff38ba6648f3b14112a9c185c52bfed981b9ff7b2c317a78950764276

  • Size

    409KB

  • Sample

    230309-j46p1sbc92

  • MD5

    5d1652da7e3520834f497fae78185e0e

  • SHA1

    4c84d1f92fb1555e0cff7a2e2df12cad2460c9f5

  • SHA256

    fa2dacfff38ba6648f3b14112a9c185c52bfed981b9ff7b2c317a78950764276

  • SHA512

    0fd263299bad8403505e6aabda64e0477d50331d0dbda1602cf65012a4177ea8dc577e84f6f05e5a95539d243b0067bc6c0cd37982034fc8ec96bf5052f6b121

  • SSDEEP

    6144:Key+bnr++p0yN90QE7/V/UCt9D7yNtxbHSLj1v6xULrXDalQpivx7eod8yAs:OMr+y90/8Ct9DQtBAJlLfZ0vx7gs

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes
  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Target

      fa2dacfff38ba6648f3b14112a9c185c52bfed981b9ff7b2c317a78950764276

    • Size

      409KB

    • MD5

      5d1652da7e3520834f497fae78185e0e

    • SHA1

      4c84d1f92fb1555e0cff7a2e2df12cad2460c9f5

    • SHA256

      fa2dacfff38ba6648f3b14112a9c185c52bfed981b9ff7b2c317a78950764276

    • SHA512

      0fd263299bad8403505e6aabda64e0477d50331d0dbda1602cf65012a4177ea8dc577e84f6f05e5a95539d243b0067bc6c0cd37982034fc8ec96bf5052f6b121

    • SSDEEP

      6144:Key+bnr++p0yN90QE7/V/UCt9D7yNtxbHSLj1v6xULrXDalQpivx7eod8yAs:OMr+y90/8Ct9DQtBAJlLfZ0vx7gs

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks