General

  • Target: b471400ecc784f31992d885e9f7f69d7843ccb3d52058b854f60a203f436cfdb
  • Size: 875KB
  • Sample: 230321-qdd1mscd5y
  • MD5: b97d156f00124be714c2218a04b24289
  • SHA1: 1f42372170596f7e2fd7c37a58409f074c97eeb4
  • SHA256: b471400ecc784f31992d885e9f7f69d7843ccb3d52058b854f60a203f436cfdb
  • SHA512: b3878d86f1d054b40cb66d1338ceca33707a92253361fbda02e6ee5630f78525a9dbbc373fd88e8e2af5450ad94f27d8f5dd5dac77f64ab6c0667748f90119e0
  • SSDEEP: 24576:4yvkOly5q6SjowRZhNW36lexWHc1u8iGf3AsTcMA9:/8Olgq6SDZhdAsdGJxA

Malware Config

Extracted

  • Family: redline
  • Botnet: gena
  • C2: 193.233.20.30:4125
  • Attributes
      • auth_value: 93c20961cb6b06b2d5781c212db6201e

Extracted

  • Family: redline
  • Botnet: relon
  • C2: 193.233.20.30:4125
  • Attributes
      • auth_value: 17da69809725577b595e217ba006b869

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks