General

  • Target

    a0d6d29157cd4035b6af75df082b57c4bc20a6fa5dbb2ec4b4df81681eb0836c

  • Size

    687KB

  • Sample

    230326-qxyjdsaf4v

  • MD5

    f18af65f78443f399beb4104bb75832f

  • SHA1

    95e68a5c39badd4d51d55dda6b8ddfd3e16e2bb2

  • SHA256

    a0d6d29157cd4035b6af75df082b57c4bc20a6fa5dbb2ec4b4df81681eb0836c

  • SHA512

    3437213bbf48234a42260ca690c2596b0ce6fd17e9186e201ab8030aef6d7d5f2a85e20890b257dafd29599432a4d5b941f7d13ec5462f9bb7f75b6dd20f59df

  • SSDEEP

    12288:iMrdy90w1mu1TWAUTMa/KYeh1Dkt6diz4yMKm96XuSSU4Ezlo8:TyH/WAUTPehJkt6cv4u/SRIlo8

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes

  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Extracted

Family

redline

Botnet

dogma

C2

193.233.20.32:4125

Attributes

  • auth_value

    1b692976ca991040f2e8890409c35142

Targets

    • Target

      a0d6d29157cd4035b6af75df082b57c4bc20a6fa5dbb2ec4b4df81681eb0836c

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks