General

  • Target

    dfe36d65a73dbf36b23b32a6aadab3f8b7ca4bcabb131c380bb6453605517a6a

  • Size

    662KB

  • Sample

    230401-1ctptaec4x

  • MD5

    da3765bc1889c61fd7b989bc9736b928

  • SHA1

    50977fdf5cb596e91626519b5e8b1673c0cbe348

  • SHA256

    dfe36d65a73dbf36b23b32a6aadab3f8b7ca4bcabb131c380bb6453605517a6a

  • SHA512

    1067ea8140b168ef8efabad2935e1cb13808810205cf06042415573a89d31450ec90459df7a7abf70cf219bc99892036101165ca5d8cab55e318219605c1ed95

  • SSDEEP

    12288:hMryy90b7+kr3F1rN2hpKvWOys4piMkqro80yM8FNfoKXa/EmShhomxDQ:ryM+krDrN23Kvz4piGrz0yM83xvmShXm

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Extracted

Family

redline

Botnet

spora

C2

176.113.115.145:4125

Attributes
  • auth_value

    441b39ab37774b2ca9931c31e1bc6071

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks