Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    e8280e61cc4a5609efd3d332e4d39dde5c4f65aed4fa21ac67c3d7176b1e5802

  • Size

    659KB

  • Sample

    230329-ac8kvsff6z

  • MD5

    486164cba30558ad4f1cd52e508f807a

  • SHA1

    edeb065b81b6e9ee57b4df4cab6eb31ca382a422

  • SHA256

    e8280e61cc4a5609efd3d332e4d39dde5c4f65aed4fa21ac67c3d7176b1e5802

  • SHA512

    3440db0b6495621398311bab930bffdefcae13783c93f3343bbbdd2447917b1463d183133cbf0c6f83f382b6cccb93001a5f08d07add59e4f79fa9b35b6bd7ee

  • SSDEEP

    12288:aMrcy90VVzqSVlUy3So1YAKOLKw+GHkTi6youYdp2DEc0RA:6ygLVlUxMbBKa0i6yoADaRA

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Extracted

Family

redline

Botnet

zaza

C2

176.113.115.145:4125

Attributes
  • auth_value

    48bf44c663fe3c1035fb4dd0b91fde5d

Targets

    • Target

      e8280e61cc4a5609efd3d332e4d39dde5c4f65aed4fa21ac67c3d7176b1e5802

    • Size

      659KB

    • MD5

      486164cba30558ad4f1cd52e508f807a

    • SHA1

      edeb065b81b6e9ee57b4df4cab6eb31ca382a422

    • SHA256

      e8280e61cc4a5609efd3d332e4d39dde5c4f65aed4fa21ac67c3d7176b1e5802

    • SHA512

      3440db0b6495621398311bab930bffdefcae13783c93f3343bbbdd2447917b1463d183133cbf0c6f83f382b6cccb93001a5f08d07add59e4f79fa9b35b6bd7ee

    • SSDEEP

      12288:aMrcy90VVzqSVlUy3So1YAKOLKw+GHkTi6youYdp2DEc0RA:6ygLVlUxMbBKa0i6yoADaRA

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks