
General

  • Target: e7b666e3c96845f86c727aa0372bf66df20ac66fdb48692cbe62b9d0e4de0055
  • Size: 690KB
  • Sample: 230324-ea8kasea8v
  • MD5: 49d59a737a3941c45507717a91d36292
  • SHA1: a3fa7dddcbb0f359fc59166708cfd1f642d6f083
  • SHA256: e7b666e3c96845f86c727aa0372bf66df20ac66fdb48692cbe62b9d0e4de0055
  • SHA512: b9ccbc92ad26dc0cce94cb4539252f580a1c513c2b191a497ad72aded868a7bd9843a5fd96cfebdfc94f629f0e8498b629694690f947dab33b5a61d3cfc56eca
  • SSDEEP: 12288:BFUDvXKBqTqHFB13Npd92vgobCxzKnqe+8znvv/F4DU/2CdQxwQ+JOAxB:BFU7ZTqHFBPX92jNnv3FADCdQx+P

Malware Config

Extracted

  • Family: redline
  • Botnet: down
  • C2: 193.233.20.31:4125
  • Attributes
    • auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted

  • Family: redline
  • Botnet: hero
  • C2: 193.233.20.31:4125
  • Attributes
    • auth_value: 11f3c75a88ca461bcc8d6bf60a1193e3

Targets

    • Target: e7b666e3c96845f86c727aa0372bf66df20ac66fdb48692cbe62b9d0e4de0055 (690KB; MD5, SHA1, SHA512 and SSDEEP as listed under General)

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
