General

  • Target

    96967a4221142488b3ee4bd06b2adbd16782ffa466f9732a240ef246f40101bf

  • Size

    792KB

  • Sample

    230316-zv9cjsfa6w

  • MD5

    ec6f94af241a9a9b582872e37202c676

  • SHA1

    4b6c7c17ac8d5e0614388159b315c4a5ce2d7392

  • SHA256

    96967a4221142488b3ee4bd06b2adbd16782ffa466f9732a240ef246f40101bf

  • SHA512

    72f1a2eb3dac4b1485ce7fb21555a36d6b9a7af88efbba50fd9f70ee15fcc7e99f6851dff412f3fed3b65c8916cd00b68a2c91d2a0644b2d2d3b359c4c01f81c

  • SSDEEP

    24576:myQVf0rsoE2bHIA01Uox14Rk44sOYrCyPO:1Q10woEGu1UeORCsOOP

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes

  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Extracted

Family

redline

Botnet

laba

C2

193.233.20.28:4125

Attributes

  • auth_value

    2cf01cffff9092a85ca7e106c547190b

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks