General

  • Target

    57227a5ff0d5b98ec350b30fdfb15dfe847a501d960d300f5d00ae5eb5cfdf63

  • Size

    569KB

  • Sample

    230309-kr7l8aae3s

  • MD5

    3d9b187eb0185f66ab6fc2ac7b7fd2eb

  • SHA1

    2b65c779729fb066387b42418ce33c571ad58642

  • SHA256

    57227a5ff0d5b98ec350b30fdfb15dfe847a501d960d300f5d00ae5eb5cfdf63

  • SHA512

    7b123e946e307a0efecba6c93e5a1e48a2ad6dc1b7e5b699b70872199a234db487d48ea80b190dc5c2b4027e01aaf1e169e8a6d71e0a39f69ed1d6b0abc2e5ad

  • SSDEEP

    12288:FMrey900ahimz7AuxqVP+crH2Sywzcr/fzha10U/8a:HyFsVAuxYPX2SlzYnNtU/7

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes

  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks