General

  • Target

    da3866412b6a1bd2804ed799ec23dfc31f573dcfc9f4ad3fea1481ebb5023e02

  • Size

    685KB

  • Sample

    230327-sej96aea29

  • MD5

    7170710f160f0080d02b94779a53f277

  • SHA1

    378638fbb9579bd46f635058e11001cb7e4f676a

  • SHA256

    da3866412b6a1bd2804ed799ec23dfc31f573dcfc9f4ad3fea1481ebb5023e02

  • SHA512

    2d4499789d8912ec79b18e6881155cc7ccb65b3827a08a9da7d63979f24e5737870c0c565e8bdd0c535b924b6984b332d352480e364223811856b77495af170e

  • SSDEEP

    12288:rMrmy90iIeroQM2rTLszDLjGD7M9XjRBIBrRwEJo44zWlfA5q:FyoNt2rMzDHGY9TQhRwEJobYA5q

Malware Config

Extracted

Family

redline

Botnet

sony

C2

193.233.20.33:4125

Attributes
  • auth_value

    1d93d1744381eeb4fcfd7c23ffe0f0b4

Extracted

Family

redline

Botnet

nice

C2

193.233.20.33:4125

Attributes
  • auth_value

    a7371b75699e8bc7c51fb960e8ac9e81

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks