General

  • Target: 08938f405454ed56546c6945ce812ddccb05a5f043eb1aaafc830564b9e97fda
  • Size: 696KB
  • Sample: 230328-vgyaxadg4z
  • MD5: 86e0427e89d9c4dddd1f6755641d7cec
  • SHA1: 287a2a2657add23569ab44b38ea532d36935b31b
  • SHA256: 08938f405454ed56546c6945ce812ddccb05a5f043eb1aaafc830564b9e97fda
  • SHA512: 6d8a13529e4bb3edd5ad30f0534c931f515e00e5de686b816755f04147a701aa84d4b1f4a7aa3d3ba5220803e56bb6ef3cbfa0158b62a45bea7f4123e87966b3
  • SSDEEP: 12288:1Mr3y90XMHSDYlXn43AO+KF+M5+OGmKaDzCfpa6y+rixIxwZFV1kSZlIaZ+4u/Jq:Oy6MHSE6AO+ZM5jGmKOOhPFVwnsS3tnT

Malware Config

Extracted
  • Family: redline
  • Botnet: rosn
  • C2: 176.113.115.145:4125
  • Attributes
      • auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted
  • Family: redline
  • Botnet: muse
  • C2: 176.113.115.145:4125
  • Attributes
      • auth_value: b91988a63a24940038d9262827a5320c

Targets

    • Modifies Windows Defender Real-time Protection settings
    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Executes dropped EXE
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials, cookies and similar secrets.
    • Windows security modification
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Adds Run key to start application
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software installed on the system.
