
General

  • Target: c1c7d26c918812b63a67a9d525f987dccd525da73501eb17ce6776bbc056ce71
  • Size: 695KB
  • Sample: 230328-x67a8acg99
  • MD5: 1246c40d4288a87c0ff60c787b63c0dc
  • SHA1: 1cb5a778f8b56dd9b04be931cd405b6191162ac4
  • SHA256: c1c7d26c918812b63a67a9d525f987dccd525da73501eb17ce6776bbc056ce71
  • SHA512: e80e1800ed5dee46276f0e66140af2ec3ce754b1c20792ff09fc9ffedb04cef622cdd7a251bb0b4b4030ecd322f03a8862a939f9de3f23b0d6ebeed8578a899e
  • SSDEEP: 12288:6Mrjy90iJEFqEiBilkvahiWurr+22LCmQhAemqxVOY/Jl1DvtoGIEfw:BylBXahFuX+KBqbqaYZq

Malware Config

Extracted

  • Family: redline
  • Botnet: rosn
  • C2: 176.113.115.145:4125
  • Attributes
      • auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted

  • Family: redline
  • Botnet: muse
  • C2: 176.113.115.145:4125
  • Attributes
      • auth_value: b91988a63a24940038d9262827a5320c

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
