General

  • Target

    0c8c8c224f60bdd12744dd0f0a04bcfb7a5720bdd37ddbdc00ec5a90fc9fad1b

  • Size

    688KB

  • Sample

    230325-bmc3dace3v

  • MD5

    f405062d2e33296a7d2a402397f2f57d

  • SHA1

    f21f6973882d755b0661b3a05c6e55f069f118ca

  • SHA256

    0c8c8c224f60bdd12744dd0f0a04bcfb7a5720bdd37ddbdc00ec5a90fc9fad1b

  • SHA512

    66db26a04ecea44c124b9abe69fac7859a98d721ebe30bfce7474125ca4094f09e304d2b421e1791ee3de7bb393104359de99f52642ee7ad76f0e30e8eeca10e

  • SSDEEP

    12288:0Mrqy90rjAoem2BaxQGjDTZiI5VVmMVFxf43xDYM7KbZx2/lf+IGNjN:ey8A82Ba5bZpmM/p4h8MW1xgm

Malware Config

Extracted

  • Family: redline
  • Botnet: boris
  • C2: 193.233.20.32:4125
  • Attributes
    • auth_value: 766b5bdf6dbefcf7ca223351952fc38f

Extracted

  • Family: redline
  • Botnet: lenka
  • C2: 193.233.20.32:4125
  • Attributes
    • auth_value: 8a60e8b2ec79d6a7e92f9feac39b8830

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks