General

  • Target

    0b40664a5c8ae772513a95df5bab618fba6b5f46e358a5125a7a3d6f100c6c33

  • Size

    811KB

  • Sample

    230310-te3beagb8w

  • MD5

    7d828de85b3454cbc9e7b29cf3a2740b

  • SHA1

    cdfd30be8b7f97926acf004a9df645650c4c9d82

  • SHA256

    0b40664a5c8ae772513a95df5bab618fba6b5f46e358a5125a7a3d6f100c6c33

  • SHA512

    ef6ed6ad80060a7371625641c6392556c2a0be1a445b5ea313dd70e7fc8d609dd063d6000c1f1ed3e8770b02df8238eb6e4e800b84583992f61bc320555b421f

  • SSDEEP

    12288:7Mrzy90SFskTOaJhwhphUGzmsMyJLD44S9llOVdEBmWUpV6NfcY4VJ33JY:Myai7woIo4ScVdamWUmNkVTY

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes
  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Extracted

Family

redline

Botnet

dezik

C2

193.56.146.220:4174

Attributes
  • auth_value

    d39f21dca8edc10800b036ab83f4d75e

Targets

    • Target

      0b40664a5c8ae772513a95df5bab618fba6b5f46e358a5125a7a3d6f100c6c33

    • Size

      811KB

    • MD5

      7d828de85b3454cbc9e7b29cf3a2740b

    • SHA1

      cdfd30be8b7f97926acf004a9df645650c4c9d82

    • SHA256

      0b40664a5c8ae772513a95df5bab618fba6b5f46e358a5125a7a3d6f100c6c33

    • SHA512

      ef6ed6ad80060a7371625641c6392556c2a0be1a445b5ea313dd70e7fc8d609dd063d6000c1f1ed3e8770b02df8238eb6e4e800b84583992f61bc320555b421f

    • SSDEEP

      12288:7Mrzy90SFskTOaJhwhphUGzmsMyJLD44S9llOVdEBmWUpV6NfcY4VJ33JY:Myai7woIo4ScVdamWUmNkVTY

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6