
General

  • Target

    12ef38c9bd95d4ae186fdf54aa627d418c94c1b720f73c347b22c8457042755c

  • Size

    686KB

  • Sample

    230326-rh4yasag3x

  • MD5

    86ad10fdd51cb2ccfe6bf0f97a099610

  • SHA1

    43a2d2ff7e87a566ce202987a1d57c6ed8dd3883

  • SHA256

    12ef38c9bd95d4ae186fdf54aa627d418c94c1b720f73c347b22c8457042755c

  • SHA512

    c791e6e0a6972ed3682feb7e25a61e8fba5cddfe5811ffe84e235e89a4edcfe9f0e0b0cd9ea2402710418869e156a735b04dfbabad36b90b65b3fc24385f06d5

  • SSDEEP

    12288:bMrSy90p3a//LOWQGev5F+Cos/LuF7VTIK5iP5NVSmqoa/D:1yia/SWg5gCXLgiRQb

Malware Config

Extracted

  • Family

    redline

  • Botnet

    boris

  • C2

    193.233.20.32:4125

  • Attributes

    auth_value: 766b5bdf6dbefcf7ca223351952fc38f

Extracted

  • Family

    redline

  • Botnet

    dogma

  • C2

    193.233.20.32:4125

  • Attributes

    auth_value: 1b692976ca991040f2e8890409c35142

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks