
General

  • Target: 835d738ec5b2cec60577e933f90d7d7a7dc441ec853aed248689225466ff56c4
  • Size: 781KB
  • Sample: 230321-e45eqsgg65
  • MD5: 60f65e516eefa92412034214a663388d
  • SHA1: 6ded150832b593c4b08203d55b65cbb84396aed2
  • SHA256: 835d738ec5b2cec60577e933f90d7d7a7dc441ec853aed248689225466ff56c4
  • SHA512: d417eb89d2abbde489832a5a57a279189e9dd5eb4f402aa2bc2521da6b1b7257e3f3014f5bba996bedeacc3d6ddd22de0367f81710e3045494ee5195892c9e79
  • SSDEEP: 24576:myJ/UNVHcujeoevjgZVP/BqHWljAsnaGQZ:1JEHcuCVMZZF1nan

Malware Config

Extracted

  • Family: redline
  • Botnet: gena
  • C2: 193.233.20.30:4125
  • Attributes
    • auth_value: 93c20961cb6b06b2d5781c212db6201e

Extracted

  • Family: redline
  • Botnet: relon
  • C2: 193.233.20.30:4125
  • Attributes
    • auth_value: 17da69809725577b595e217ba006b869

Targets


    • Modifies Windows Defender Real-time Protection settings
    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Executes dropped EXE
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and similar data.
    • Windows security modification
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Adds Run key to start application
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks