General

  • Target

    6bb69574b66315431a7ac43a225848df198b3f436e5c259d43cd8071b4f71a6a

  • Size

    787KB

  • Sample

    230314-2g8j7sca7y

  • MD5

    7faa376a765fa4c67f9e41610d8b9f83

  • SHA1

    73b34a47582792251b9558b8e12f255f575b2abe

  • SHA256

    6bb69574b66315431a7ac43a225848df198b3f436e5c259d43cd8071b4f71a6a

  • SHA512

    d09678887da10d9ab541c68427f42e568a18a11ef16ea90438c2c0a8a30e70697b11694437a38e9492da87e12fd6ea5e59ff8b79da5f5cd010117ff3bbd8fa3d

  • SSDEEP

    12288:pMrfy90det6HLKupqAbIC82CHuDt29yakAh4JJUreGaYE/okR151M9dXYk12qL8W:yy8eWPq/MCHg0UalhwtGaYToL1yRYZM

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes
  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Extracted

Family

redline

Botnet

rita

C2

193.233.20.28:4125

Attributes
  • auth_value

    5cf1bcf41b0a2f3710619223451dfd3a

Targets

    • Target

      6bb69574b66315431a7ac43a225848df198b3f436e5c259d43cd8071b4f71a6a

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
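
The extracted config above (C2 193.233.20.28:4125, shared by the mango and rita botnets) and the registry-based signatures in this list map directly onto detection rules. The block below is an added example, not tria.ge's code and not anything recovered from the sample: it runs three rules over constructed Sysmon-style events (event ID 3 network connection, event ID 13 registry value set) and flags a connection to the report's C2, a value written under a Run or RunOnce key, and a Windows Defender Real-Time Protection policy value set to 1. The image paths, SID and event contents are constructed; the Run and Defender policy registry paths are the standard Windows locations.

```python
"""Detection rules for the RedLine behaviours this report lists, run over
constructed Sysmon-style events. Added example, not tria.ge's own code."""

# Indicator taken from the report's extracted config (both botnets use it).
REDLINE_C2 = {("193.233.20.28", 4125)}

# Autostart key paths behind the "Adds Run key to start application" signature.
RUN_KEY_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)

# Policy key whose DWORD values, when set to 1, turn real-time protection off.
DEFENDER_RTP_KEY = r"\software\policies\microsoft\windows defender\real-time protection"
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableioavprotection",
    "disableonaccessprotection",
}


def _split_target(target_object):
    """Split a Sysmon TargetObject into (key_path, value_name), lower-cased."""
    key, _, value = target_object.lower().rpartition("\\")
    return key, value


def _dword_value(details):
    """Parse Sysmon's 'DWORD (0x00000001)' rendering; None if not a DWORD."""
    if not details.startswith("DWORD (") or not details.endswith(")"):
        return None
    return int(details[len("DWORD ("):-1], 16)


def check_event(ev):
    """Return a list of (rule, reason) hits for one event; empty if benign."""
    hits = []
    eid = ev.get("EventID")
    if eid == 3:  # network connection
        dst = (ev.get("DestinationIp"), ev.get("DestinationPort"))
        if dst in REDLINE_C2:
            hits.append(("redline_c2_connect", f"{ev['Image']} -> {dst[0]}:{dst[1]}"))
    elif eid == 13:  # registry value set
        key, value = _split_target(ev["TargetObject"])
        if key.endswith(RUN_KEY_SUFFIXES):
            hits.append(("run_key_persistence", f"{value} = {ev.get('Details')}"))
        if (key.endswith(DEFENDER_RTP_KEY) and value in DEFENDER_RTP_VALUES
                and _dword_value(ev.get("Details", "")) == 1):
            hits.append(("defender_rtp_disabled", f"{value} set to 1 by {ev['Image']}"))
    return hits


def scan(events):
    """Run every rule over every event; return [(event_index, rule, reason), ...]."""
    return [(i, rule, reason)
            for i, ev in enumerate(events)
            for rule, reason in check_event(ev)]


# Constructed events, not taken from the tria.ge run. The dropped executable
# beacons to the C2, installs a Run key and disables real-time monitoring;
# the remaining events are benign and must not fire.
DROPPED = r"C:\Users\victim\AppData\Local\Temp\dropped.exe"
SAMPLE_EVENTS = [
    {"EventID": 3, "Image": DROPPED,
     "DestinationIp": "193.233.20.28", "DestinationPort": 4125},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "93.184.216.34", "DestinationPort": 443},
    {"EventID": 13, "Image": DROPPED,
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft"
                     r"\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\Updater\svc.exe"},
    {"EventID": 13, "Image": DROPPED,
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"
                     r"\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"
                     r"\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion"
                     r"\Uninstall\SomeApp\DisplayName",
     "Details": "SomeApp 1.0"},
]

if __name__ == "__main__":
    for index, rule, reason in scan(SAMPLE_EVENTS):
        print(f"event {index}: {rule}: {reason}")
```

The "Checks installed software" signature is deliberately not covered: enumerating Uninstall keys is a registry read, which Sysmon does not log as a value-set event, so it has to be caught by sandbox API tracing or an EDR that records registry queries rather than by this kind of rule. The Defender rule keys on the policy path because that is what the DWORD-to-1 pattern tampers with; a value of 0 written by a legitimate process stays silent.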

MITRE ATT&CK Enterprise v6

Tasks