General

  • Target

    172002fcc80d6982314253136b361805a739e2e75513d4c15abdc4a3808cb381

  • Size

    722KB

  • Sample

    230325-zchrwagd4w

  • MD5

    06c5e664b2311d9a2c5e645e055c29d5

  • SHA1

    e7a9627695ddf10dc8cb6db6b70f441d7098d0fa

  • SHA256

    172002fcc80d6982314253136b361805a739e2e75513d4c15abdc4a3808cb381

  • SHA512

    7929cc524f22ba2f329dbd76d2dba9e64c437124486d75ae59d97430c90a08fcb9141b6c59d03988ff32c39a3da2d706bbbcf19861a656f9cf60416b7fe74a6d

  • SSDEEP

    12288:R1J7ppIKstg6eUo1UbOYIPrdHK939cA3mQo2PC5YCn9yAMX6w2Im3Gn9u:R1mKsq6ajPVQoY69ydqws3GnY

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes
  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Extracted

Family

redline

Botnet

viza

C2

193.233.20.32:4125

Attributes
  • auth_value

    153a106a89fae7251f2dc17be2eb5720
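
Both Extracted blocks share one C2 and differ only in their botnet tag and auth_value, so for network detection they collapse to a single endpoint, while the two auth_values still record that two separate builds are pointed at it. The Python below is an added example and is not part of the Triage report: it takes the two configs above, derives the unique C2 endpoints, emits one Suricata rule per endpoint, and matches the endpoints against constructed firewall log lines. The key=value log format, the SID range and the log lines themselves are assumptions made for the example.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class RedLineConfig:
    """One 'Extracted' block from the report: family, botnet tag, C2 and auth token."""
    family: str
    botnet: str
    c2: str          # "ip:port", as the sandbox prints it
    auth_value: str  # the build's authorization value; for clustering, not for wire matching

    @property
    def host(self) -> str:
        return self.c2.rsplit(":", 1)[0]

    @property
    def port(self) -> int:
        return int(self.c2.rsplit(":", 1)[1])


# Values copied from the two Extracted blocks above.
EXTRACTED = [
    RedLineConfig("redline", "boris", "193.233.20.32:4125", "766b5bdf6dbefcf7ca223351952fc38f"),
    RedLineConfig("redline", "viza", "193.233.20.32:4125", "153a106a89fae7251f2dc17be2eb5720"),
]


def c2_endpoints(configs):
    """Unique (ip, port) pairs. Both builds share one C2, so this collapses to one entry."""
    return sorted({(c.host, c.port) for c in configs})


def builds_per_c2(configs):
    """Map each C2 endpoint to the (botnet, auth_value) pairs that use it.
    Several auth_values on one endpoint means one piece of infrastructure serving
    several builds, which is worth keeping in the intel record next to the raw IP."""
    out = {}
    for c in configs:
        out.setdefault(c.c2, []).append((c.botnet, c.auth_value))
    return out


def suricata_rules(configs, base_sid=9000001):
    """One alert rule per unique C2 endpoint. The SID range is an assumption for the
    example; use whatever local range your ruleset reserves."""
    rules = []
    for i, (ip, port) in enumerate(c2_endpoints(configs)):
        tags = ",".join(sorted({c.botnet for c in configs if (c.host, c.port) == (ip, port)}))
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"RedLine C2 ({tags})"; flow:to_server; '
            f'classtype:trojan-activity; sid:{base_sid + i}; rev:1;)'
        )
    return rules


# Constructed log lines in a generic key=value firewall format (not real traffic).
SAMPLE_LOG = """\
2023-03-25T17:20:02Z src=10.0.0.15:51234 dst=193.233.20.32:4125 proto=tcp bytes=4096
2023-03-25T17:20:03Z src=10.0.0.15:51235 dst=142.250.74.36:443 proto=tcp bytes=1200
2023-03-25T17:21:10Z src=10.0.0.22:49811 dst=193.233.20.32:80 proto=tcp bytes=310
2023-03-25T17:22:45Z src=10.0.0.15:51240 dst=193.233.20.32:4125 proto=tcp bytes=77120
"""

LOG_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dip>[\d.]+):(?P<dport>\d+) ")


def match_log(log_text, configs):
    """Return (timestamp, src, confidence) for every line that touches a C2.
    'ip+port' is a direct hit; 'ip-only' means the IP was contacted on another port,
    which still deserves a look but may be unrelated hosting on the same server."""
    endpoints = set(c2_endpoints(configs))
    c2_ips = {ip for ip, _ in endpoints}
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        dip, dport = m["dip"], int(m["dport"])
        if (dip, dport) in endpoints:
            hits.append((m["ts"], m["src"], "ip+port"))
        elif dip in c2_ips:
            hits.append((m["ts"], m["src"], "ip-only"))
    return hits


if __name__ == "__main__":
    for rule in suricata_rules(EXTRACTED):
        print(rule)
    for hit in match_log(SAMPLE_LOG, EXTRACTED):
        print(hit)
```

Match on IP and port together and keep IP-only hits as a lower-confidence bucket rather than dropping them. The auth_value is what the build presents to the panel, not a string to grep for in flow logs; its place is in the intel record beside the endpoint, so later samples that report the same C2 with a new auth_value can be tied to the same operator.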

Targets

    • Target

      172002fcc80d6982314253136b361805a739e2e75513d4c15abdc4a3808cb381

    • Size

      722KB

    • MD5

      06c5e664b2311d9a2c5e645e055c29d5

    • SHA1

      e7a9627695ddf10dc8cb6db6b70f441d7098d0fa

    • SHA256

      172002fcc80d6982314253136b361805a739e2e75513d4c15abdc4a3808cb381

    • SHA512

      7929cc524f22ba2f329dbd76d2dba9e64c437124486d75ae59d97430c90a08fcb9141b6c59d03988ff32c39a3da2d706bbbcf19861a656f9cf60416b7fe74a6d

    • SSDEEP

      12288:R1J7ppIKstg6eUo1UbOYIPrdHK939cA3mQo2PC5YCn9yAMX6w2Im3Gn9u:R1mKsq6ajPVQoY69ydqws3GnY

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, autofill entries and payment details.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
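
The behaviours above that write to the registry (disabling Defender real-time protection, adding a Run key) are visible in Sysmon Event ID 13 (RegistryEvent, SetValue). The Python below is an added example and not the report's own detection logic: it runs two rules over constructed Sysmon records and then groups the high-severity hits per writing process, so one process that both switches off real-time protection and registers a binary under Run stands out from a routine installer. The sample records, the user-writable-path heuristic and the severity labels are assumptions made for the example. The other two behaviours listed, enumerating Uninstall keys and reading browser profile data, are reads; Sysmon records no registry or file reads, so they need object-access auditing or EDR telemetry instead.

```python
import re

# Constructed Sysmon Event ID 13 (RegistryEvent SetValue) records in the field names
# Sysmon uses. These are not real telemetry from the sandbox run.
SAMPLE_EVENTS = [
    {"EventID": 13, "EventType": "SetValue", "UtcTime": "2023-03-25 17:20:01.100",
     "Image": r"C:\Users\victim\AppData\Local\Temp\payload.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "EventType": "SetValue", "UtcTime": "2023-03-25 17:20:01.350",
     "Image": r"C:\Users\victim\AppData\Local\Temp\payload.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\Updater\updater.exe"},
    {"EventID": 13, "EventType": "SetValue", "UtcTime": "2023-03-25 17:20:02.000",
     "Image": r"C:\Program Files\Vendor\Setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r"C:\Program Files\Vendor\tray.exe"},
    {"EventID": 13, "EventType": "SetValue", "UtcTime": "2023-03-25 17:20:03.000",
     "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
]

# Run and RunOnce under any hive (HKLM or a user SID under HKU).
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Disable* values under the Defender policy key or the product key itself.
DEFENDER_RE = re.compile(r"\\Windows Defender\\(Real-Time Protection\\)?Disable\w+$", re.I)
# Heuristic (assumption for the example): locations a non-admin user can write to.
USER_WRITABLE_RE = re.compile(
    r"^C:\\(Users\\[^\\]+\\AppData|ProgramData|Users\\Public|Windows\\Temp)\\", re.I)
DWORD_RE = re.compile(r"DWORD \(0x([0-9a-f]{8})\)", re.I)


def dword_value(details):
    """Sysmon renders DWORD values as 'DWORD (0x00000001)'; return the int, or None."""
    m = DWORD_RE.fullmatch(details.strip())
    return int(m.group(1), 16) if m else None


def analyse(events):
    """Return (rule, severity, image, target) for each matching SetValue event."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 13 or ev.get("EventType") != "SetValue":
            continue
        target, details, image = ev["TargetObject"], ev["Details"], ev["Image"]
        if DEFENDER_RE.search(target) and dword_value(details) == 1:
            # Setting a Disable* value to 1 turns protection off; writing 0 is not flagged.
            findings.append(("defender_rtp_disabled", "high", image, target))
        elif RUN_KEY_RE.search(target):
            # Run key writes are common and benign on their own; escalate when either
            # the writing process or the program being registered lives in a
            # user-writable path, which is what a dropped EXE looks like.
            suspicious = USER_WRITABLE_RE.match(image) or USER_WRITABLE_RE.match(details)
            findings.append(("run_key_persistence", "high" if suspicious else "info", image, target))
    return findings


def by_process(findings):
    """Group high-severity rule names per writing process. One process hitting both
    rules is the combination the report lists above."""
    out = {}
    for rule, severity, image, _ in findings:
        if severity == "high":
            out.setdefault(image, set()).add(rule)
    return out


if __name__ == "__main__":
    found = analyse(SAMPLE_EVENTS)
    for f in found:
        print(f)
    print(by_process(found))
```

The Defender rule only fires when the value is set to 1, so a process restoring protection is not flagged; the Run rule records every write but only escalates the ones that point at or come from a user-writable path, which keeps ordinary installers at informational level.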

MITRE ATT&CK Enterprise v6

Tasks