Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    b6506c7b8503c8700079ec82b275f6953cc9d71a2590540e5c21c161cd8c6277

  • Size

    688KB

  • Sample

    230324-3qda4aaa72

  • MD5

    55f8f5af46c32287f95222faf9a31521

  • SHA1

    37f33271fe8734a16b7ac883937d5d7ffc2e02bf

  • SHA256

    b6506c7b8503c8700079ec82b275f6953cc9d71a2590540e5c21c161cd8c6277

  • SHA512

    c8d9b8eede45a38b60e4d4d63beda9e2e02fc7de1c2286e2ae2e988a497de2180d6973584fc536252e53cfb419cce4aab170558eb5f3bc513df0406c9801e258

  • SSDEEP

    12288:eMroy90LdgxsZadxQOLllhFOCeHkjIdx6Nag+dBWeMZ1Pp2Rh:qyMgxBqO2YIdYa9dYbjh+

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes
  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Extracted

Family

redline

Botnet

lenka

C2

193.233.20.32:4125

Attributes
  • auth_value

    8a60e8b2ec79d6a7e92f9feac39b8830

Targets

    • Target

      b6506c7b8503c8700079ec82b275f6953cc9d71a2590540e5c21c161cd8c6277

    • Size

      688KB

    • MD5

      55f8f5af46c32287f95222faf9a31521

    • SHA1

      37f33271fe8734a16b7ac883937d5d7ffc2e02bf

    • SHA256

      b6506c7b8503c8700079ec82b275f6953cc9d71a2590540e5c21c161cd8c6277

    • SHA512

      c8d9b8eede45a38b60e4d4d63beda9e2e02fc7de1c2286e2ae2e988a497de2180d6973584fc536252e53cfb419cce4aab170558eb5f3bc513df0406c9801e258

    • SSDEEP

      12288:eMroy90LdgxsZadxQOLllhFOCeHkjIdx6Nag+dBWeMZ1Pp2Rh:qyMgxBqO2YIdYa9dYbjh+

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks