General

  • Target

    c20c9015ec3391e1b9ec4116f4f3dcef5ce4e707839d04768a132c9d38ba56b1.zip

  • Size

    495KB

  • Sample

    230310-naplvseg81

  • MD5

    7bea2d764e505dc43303ee0f844bab8e

  • SHA1

    728caa78cc4e9e63718253ffb96c3ae68dba265c

  • SHA256

    0282095e145e94821871ad4e4800581e443bf2b8485a2d22116d397f65db0a03

  • SHA512

    4569cd93adb5cd21876e9263c3c45329de51bd6f443964169d29f4ac2f15ca2f912d0d5c55e3a29dd7947398a6c77a0f646efc89537b8c079b02675fe8f0824d

  • SSDEEP

    12288:MJL3CpvVliLerDEUvXnJTw1giAxBBNMT3yT3P:qyLYLer/Nw1gi4giD

Malware Config

Extracted

  • Family

    redline

  • Botnet

    mango

  • C2

    193.233.20.28:4125

  • Attributes

      • auth_value

        ecf79d7f5227d998a3501c972d915d23

Extracted

  • Family

    redline

  • Botnet

    dezik

  • C2

    193.56.146.220:4174

  • Attributes

      • auth_value

        d39f21dca8edc10800b036ab83f4d75e

Targets

    • Target

      c20c9015ec3391e1b9ec4116f4f3dcef5ce4e707839d04768a132c9d38ba56b1.exe

    • Size

      546KB

    • MD5

      97cf24fe6897d29e30d2dc3611925b6a

    • SHA1

      da1af28634f8a475ca502d9954b6fe210591b14e

    • SHA256

      c20c9015ec3391e1b9ec4116f4f3dcef5ce4e707839d04768a132c9d38ba56b1

    • SHA512

      c4cef03a07c2c3bcb91404c673441167e9b06d70ca49e89723de87a75bfa50d3b2927c1026bb53a9d25058b33024d57fc9757101f15231fbed8d37e933482e61

    • SSDEEP

      12288:OMray90WopsyHcX85sYe+JidaWINaqAE2BXncZr:gyRODcMah6WINaqAjNncF

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its Wow6432Node equivalent) to enumerate software installed on the system.
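The two extracted configs above give concrete network IOCs (C2 host:port per botnet), and the behaviour list gives host-side signals that are individually weak (a Run key write or an Uninstall key enumeration is also done by legitimate installers). The following is an added example, not code from tria.ge or from the report itself: it turns both into simple detection logic and correlates hits per process, so that a process is flagged only when it contacts a listed C2, disables Defender real-time protection, or shows at least two of the weak behaviours together. The event dictionaries, their field names (`type`, `pid`, `image`, `path`, `data`, `dst_ip`, `dst_port`) and the sample events are constructed for illustration; the registry paths are the standard Windows locations, not paths taken from the report's trace.

```python
"""Per-process correlation of RedLine C2 and host behaviours listed in this report.

Added example with a constructed event format (not a real log schema).
"""
import re
from collections import defaultdict

# Network IOCs from the two RedLine configs extracted on this page.
REDLINE_C2 = {
    ("193.233.20.28", 4125): "mango",
    ("193.56.146.220", 4174): "dezik",
}

# Standard registry locations behind the listed behaviours (assumed paths; the
# report names the behaviours, not the exact keys the sample touched).
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
DEFENDER_RTP_RE = re.compile(
    r"\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\Disable\w+$", re.I)
UNINSTALL_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)

# Behaviours that are low-signal on their own; they only count in combination.
WEAK_RULES = {"run_key_persistence", "uninstall_key_enum"}


def match_event(event):
    """Return the rule names that fire for one constructed event dict.

    event["type"] is "net_connect", "reg_set" or "reg_query"; every event
    carries "pid" and "image". Field names are assumptions of this example.
    """
    hits = []
    kind = event.get("type")
    if kind == "net_connect":
        endpoint = (event.get("dst_ip"), int(event.get("dst_port", 0)))
        if endpoint in REDLINE_C2:
            hits.append("redline_c2")
    elif kind == "reg_set":
        path = event.get("path", "")
        if RUN_KEY_RE.search(path):
            hits.append("run_key_persistence")
        # Defender policy values are DWORDs; 1 disables the named feature.
        if DEFENDER_RTP_RE.search(path) and str(event.get("data", "")) == "1":
            hits.append("defender_rtp_disabled")
    elif kind == "reg_query":
        if UNINSTALL_RE.search(event.get("path", "")):
            hits.append("uninstall_key_enum")
    return hits


def correlate(events):
    """Group rule hits by pid and decide per process whether to flag it.

    Flag when any strong rule fired (C2 contact, Defender RTP disabled) or
    when at least two distinct weak behaviours came from the same process.
    """
    per_proc = defaultdict(lambda: {"image": None, "rules": set()})
    for ev in events:
        rules = match_event(ev)
        if not rules:
            continue
        entry = per_proc[ev["pid"]]
        entry["image"] = ev["image"]
        entry["rules"].update(rules)
    result = {}
    for pid, entry in per_proc.items():
        rules = entry["rules"]
        flagged = bool(rules - WEAK_RULES) or len(rules & WEAK_RULES) >= 2
        result[pid] = {"image": entry["image"], "rules": sorted(rules), "flagged": flagged}
    return result


# Constructed sample events: one dropped executable doing everything the report
# lists, plus two benign processes that each trigger a single weak signal or nothing.
DROPPED = r"C:\Users\user\AppData\Local\Temp\update.exe"  # hypothetical path
SAMPLE_EVENTS = [
    {"type": "reg_query", "pid": 4120, "image": DROPPED,
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"type": "reg_set", "pid": 4120, "image": DROPPED,
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Update", "data": DROPPED},
    {"type": "reg_set", "pid": 4120, "image": DROPPED,
     "path": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "data": 1},
    {"type": "net_connect", "pid": 4120, "image": DROPPED,
     "dst_ip": "193.233.20.28", "dst_port": 4125},
    {"type": "reg_query", "pid": 880, "image": r"C:\Windows\System32\msiexec.exe",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"type": "net_connect", "pid": 1200, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "dst_ip": "203.0.113.10", "dst_port": 443},
]

if __name__ == "__main__":
    for pid, verdict in correlate(SAMPLE_EVENTS).items():
        print(pid, verdict)
```

Run against the constructed events, only pid 4120 is flagged; msiexec.exe shows `uninstall_key_enum` alone and stays unflagged, and the browser connection to a non-listed address produces no entry at all. In a real deployment the C2 table would be fed from the extracted configs of every RedLine sample seen, and the weak-rule threshold tuned against the environment's installer and inventory-tool noise.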
