General

  • Target: fc421254213df5ee8771db7a54f45406681d68f44cdfbfb30df538638e46c44f
  • Size: 699KB
  • Sample: 230328-xtgj2aed21
  • MD5: e9247415d15c3bf0d0f456b94f66d279
  • SHA1: f9a72e11626d26469a7a52ff95d3330867be003b
  • SHA256: fc421254213df5ee8771db7a54f45406681d68f44cdfbfb30df538638e46c44f
  • SHA512: 52e2fd7f7b90f5ed0a68f2cfccf424d989c55cacc925882415ebf142ec5dc02ae0d681de4015995f0dd4bb2c55283f12e099a78fc4a87bf9e4a12ab0b8fc7ffa
  • SSDEEP: 12288:1MrHy90bFwQVr7Fw9Sl0mvwdeE5cIgxx+uWoN8/Fsqc2Ux6E:6yRIy4GOwjcI8xnO/FW2UX

Malware Config

Extracted

  • Family: redline
  • Botnet: rosn
  • C2: 176.113.115.145:4125
  • Attributes
    • auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted

  • Family: redline
  • Botnet: muse
  • C2: 176.113.115.145:4125
  • Attributes
    • auth_value: b91988a63a24940038d9262827a5320c

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks