General

  • Target: 1ad3c00ad28c11ba8a73a4122be82ba66e01cc52fdce01451039aed2aa50e8ea
  • Size: 536KB
  • Sample: 230322-pggehaaf4t
  • MD5: 9ae4183257c6f0e638e07f673f330ac7
  • SHA1: 07b85f4a67dc09f617ec42e5f7cf980f8b263255
  • SHA256: 1ad3c00ad28c11ba8a73a4122be82ba66e01cc52fdce01451039aed2aa50e8ea
  • SHA512: 4b4f81b8726aaeebea1ad20b1766625cec67e4e3bbda02cd118da5867a1ff44f0082347b21bc884e64d90b681956b695afe473d56549d28b3f64c53e2b3a30a1
  • SSDEEP: 12288:EMrEy903FfydbT+NGpQYS43CCMr/lafeaYwTRwl:Qy2FfO/zyYS43xMr9a9TRwl

Malware Config

Extracted

  • Family: redline
  • Botnet: down
  • C2: 193.233.20.31:4125
  • Attributes
    • auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted

  • Family: redline
  • Botnet: polo
  • C2: 193.233.20.31:4125
  • Attributes
    • auth_value: f1a1b1041a864e0f1f788d42ececa8b3

Targets

    • Target: 1ad3c00ad28c11ba8a73a4122be82ba66e01cc52fdce01451039aed2aa50e8ea

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6