General

  • Target

    b62168c1dfbd144cee4929211387ea98db72a09d4a9c969aed0f10c78c0e684d

  • Size

    790KB

  • Sample

    230315-frmvlabf49

  • MD5

    0c3f8bb5e3c09a5e3b33a7ff6179508a

  • SHA1

    6b8895c84877532dc3da77a5377442dfe1c37754

  • SHA256

    b62168c1dfbd144cee4929211387ea98db72a09d4a9c969aed0f10c78c0e684d

  • SHA512

    41461201f4fd30c63a3a0d88f2919b3313c1e7f5a93a67119d7a9b88fb98402d5a0d4e2877d32af44745ea6e771bbaed145f6f88c1e5720cb7a7273e6de927e8

  • SSDEEP

    24576:IyZW3weS8yrpXuPloQ2Tnfc3dLuESJnH:PM3FS8y8PlT2TnkNuE8

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes

  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Extracted

Family

redline

Botnet

rita

C2

193.233.20.28:4125

Attributes

  • auth_value

    5cf1bcf41b0a2f3710619223451dfd3a

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
