General

  • Target: ce7e7a2fa5c896adb619898290dab367e34fcffceaa332f5810ceaaa7570c76d
  • Size: 779KB
  • Sample: 230321-cwpcfaae2t
  • MD5: 4159476f24ce734df27a92464189dd1c
  • SHA1: 79c42b1b72cc772c8a073044acfd72c5eaff8ac2
  • SHA256: ce7e7a2fa5c896adb619898290dab367e34fcffceaa332f5810ceaaa7570c76d
  • SHA512: 459223b02069de1693422726f5ffd665aa089cee3813b11cc150de5df2dfd9fd4d42896dd36af4d7fdb19c79ae11a6b06f8f443ae2381b72bed79d0143cdb3ac
  • SSDEEP: 12288:vMr3y90/V6fE6iJs2irY1oju4F3YNc6ppAxfdBLk2H8z014Z79pcygN+dtWHf:My9E6JrYGjpCf3AxfdBLk+4h92

Malware Config

Extracted

  • Family: redline
  • Botnet: relon
  • C2: 193.233.20.30:4125
  • Attributes
    • auth_value: 17da69809725577b595e217ba006b869

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
