
General

  • Target: 93b4d5522abb24b35fac5a3c61d2e7ea77b9fa3aab96cf34b9e8b0ce28739d5c
  • Size: 688KB
  • Sample: 230325-hhrtasbe57
  • MD5: 2ca25ce83ab7d9ef5a268848cfe271e4
  • SHA1: 20af785911ad2af79d399629e852bdefcb679855
  • SHA256: 93b4d5522abb24b35fac5a3c61d2e7ea77b9fa3aab96cf34b9e8b0ce28739d5c
  • SHA512: c7c1d44a0c22705ddccd628ddc303a2ec14a9a2da12d7f5743c9f3df4ce6040888b3cab830b9027b5501e53676ee0d47e3366b5d92417fd42d05864f373d9831
  • SSDEEP: 12288:4MrYy90hxnDKoOpGJGCGaT24S+sesV67acwGIwqf243xCbMSKbRxD5lf+IWJ:gye26JGCGaS4SzeM6+Gwe4hyMflxPmJ

Malware Config

Extracted

  • Family: redline
  • Botnet: boris
  • C2: 193.233.20.32:4125
  • Attributes
    • auth_value: 766b5bdf6dbefcf7ca223351952fc38f

Extracted

  • Family: redline
  • Botnet: lenka
  • C2: 193.233.20.32:4125
  • Attributes
    • auth_value: 8a60e8b2ec79d6a7e92f9feac39b8830

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks