General

  • Target: 8e0f0a08f319549b6aee62bf303cac0b35884e8ba84ff4d9ffc87b478c601be6
  • Size: 537KB
  • Sample: 230322-jsm4jahe5y
  • MD5: 5208eb66d5b1a28fcf680425540150ad
  • SHA1: d0763918406911e4aae08102a362068892a36eab
  • SHA256: 8e0f0a08f319549b6aee62bf303cac0b35884e8ba84ff4d9ffc87b478c601be6
  • SHA512: 42abc8af7c52b29f05c70b2190642e74b9ded4364abbda24e3d2a20f363a1430930cf403e3c42e00a608a6302bfb3239f3da9bbfa5659663d2096a60073729ff
  • SSDEEP: 12288:7Mrqy90FMOgsYkOtElhjDxhi4xY6GmW57ZrcIFB7e:lylOlldxY6WRZrcqBS

Malware Config

Extracted
  • Family: redline
  • Botnet: down
  • C2: 193.233.20.31:4125
  • Attributes
    • auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted
  • Family: redline
  • Botnet: sint
  • C2: 193.233.20.31:4125
  • Attributes
    • auth_value: 9d9b763b4dcfbff1c06ef4743cc0399e

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.