General

  • Target: cf4f0b8ce122fd8181f90cfd99fe1d29971105d88a154849993c038abdab3230
  • Size: 864KB
  • Sample: 230315-trqhdagd4z
  • MD5: 29381b7ef0d8518e3a53c0f78ef14cbe
  • SHA1: 3e3dbcd31af5c332e570e7fb4533910ff05ffed7
  • SHA256: cf4f0b8ce122fd8181f90cfd99fe1d29971105d88a154849993c038abdab3230
  • SHA512: 7b649ef8ca7ce7255b2a90372e3bb89ce144c9e2ed2d6b0281d41fe49833165abd625d3ac49739dbc6b1e59929ad255dfec30fa59e738278334d31245669d8a8
  • SSDEEP: 12288:XMrsy90d8g1x8nHBAfh1OzZfV4ZwLqp74DiNZBqileuoz4Wo5iTGLNNfz:Dykp1x0HqLaneTN4DviZoz4vkI3

Malware Config

Extracted

  • Family: redline
  • Botnet: mango
  • C2: 193.233.20.28:4125
  • Attributes
    • auth_value: ecf79d7f5227d998a3501c972d915d23

Extracted

  • Family: redline
  • Botnet: sito
  • C2: 193.233.20.28:4125
  • Attributes
    • auth_value: 030f94d8e396dbe51ce339b815cdad17

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
