General

  • Target

    8db813bdace2b9bf0c4407bb90bedd3ad9b88d969dcd2b3d0cdf76533b0da457

  • Size

    696KB

  • Sample

    230328-sw27asbg49

  • MD5

    4082d95eeaff939a6efbc2e31323d666

  • SHA1

    dfb0d5aeebdd09a25e51f8a2749df35ab433ff62

  • SHA256

    8db813bdace2b9bf0c4407bb90bedd3ad9b88d969dcd2b3d0cdf76533b0da457

  • SHA512

    d742f8a8f1a2c20d9fc3f17c851170028bf95c8b2427539728d8d72fcc38ea44a107578155c6209bab084321f7435888c47a0398d4f80bd6048d0af458026e1a

  • SSDEEP

    12288:aMrJy90Q/JCjcn2H3pLl/MqGd4aDz2WhlQobiwFVj5eZ6Le2fk:DyMjb3pLFMqGd4OyWhZbiwFje4S

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rosn

  • C2

    176.113.115.145:4125

  • Attributes

    auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted

  • Family

    redline

  • Botnet

    muse

  • C2

    176.113.115.145:4125

  • Attributes

    auth_value: b91988a63a24940038d9262827a5320c

Targets


    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks