General

  • Target

    48d759c0fb7edef2c502b1f93a9960ee290e8355dbd30b4a3ffd6ff8f74110b9

  • Size

    687KB

  • Sample

    230327-nbrgvadb94

  • MD5

    a844ff8b435e3b2a29ea43b689eaa3e2

  • SHA1

    5f435a4b850bc86cbe1acf8a40098e54fe32d688

  • SHA256

    48d759c0fb7edef2c502b1f93a9960ee290e8355dbd30b4a3ffd6ff8f74110b9

  • SHA512

    2fb75123c1f187314334ffe3fa5dff52ec27404ece2b2adeea33bd04631b0c389fdb37bcfddd04f09bf12455ec9d972b907ccdcb3592a2ed309c47c73108a5df

  • SSDEEP

    12288:qMrry90ML3UyfwsP5DL+XwHJsJVoOS6WBsgJQdHZDgPwFO6ZcGdrg89aTnamv:9yh3wNXwpDXeg65ZDPnK8o+w

Malware Config

Extracted

Family

redline

Botnet

sony

C2

193.233.20.33:4125

Attributes

  • auth_value

    1d93d1744381eeb4fcfd7c23ffe0f0b4

Extracted

Family

redline

Botnet

nice

C2

193.233.20.33:4125

Attributes

  • auth_value

    a7371b75699e8bc7c51fb960e8ac9e81

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
