General

  • Target: 920467052ef04f22c3b0219c7cf93b4384ae6eb7cbf833cb327816b0f99ab976
  • Size: 726KB
  • Sample: 230325-df8xksag94
  • MD5: 0e3ac54ec0bdedb8efdda8420a6fb9de
  • SHA1: 314c712b182c6bbaee981d4426553399b5e2f61c
  • SHA256: 920467052ef04f22c3b0219c7cf93b4384ae6eb7cbf833cb327816b0f99ab976
  • SHA512: f09c77ef8c15f4fa75c4a520506af1d3106cfe757a11bdb155afd5cae1def29cc13e06c5db74c001ac16d21361ed3425b1db1697859e18d3b9e2a0c9f99c4f68
  • SSDEEP: 12288:Ap3JDQAu5fdU6AdozuoTnsSu07dIIaYwKFd9iGWOCKjEWf8XgtpsDUdIQEm7ZxS:Ap5u1G6AWK/C7dnap89b98Xmm/m72

Malware Config

Extracted
  • Family: redline
  • Botnet: boris
  • C2: 193.233.20.32:4125
  • Attributes
    • auth_value: 766b5bdf6dbefcf7ca223351952fc38f

Extracted
  • Family: redline
  • Botnet: firmu
  • C2: 193.233.20.32:4125
  • Attributes
    • auth_value: 9f3e5e35e4a3a38fc36c5a851728aa33

Targets

    • Modifies Windows Defender Real-time Protection settings
    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Executes dropped EXE
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, such as saved credentials.
    • Windows security modification
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Adds Run key to start application
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
