General

  • Target

    3c36b78d455b0497815563a935003245db5ec818692219016c2a022b57bafb8e

  • Size

    658KB

  • Sample

    230401-qn646sac49

  • MD5

    b2d74d841f0944e17c1bf90413f0edd4

  • SHA1

    9a5b5cfcce946941e12762615fe44b28304dd056

  • SHA256

    3c36b78d455b0497815563a935003245db5ec818692219016c2a022b57bafb8e

  • SHA512

    efdeb2205b1ff91e5ed1a3dd8e25b3f05b93952f7e1b768f2f990aa89b0c75cd54db7dadf0d5a1e30fc356d460536434c1ce140bba82fa03a9fbd7c92cc395f6

  • SSDEEP

    12288:HMrey90Ym/errM58OssoyyRGkjI+AZvbpftXEOa0o0jMOys2:tyTfQ5wGS5eEOTVGs2

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Extracted

Family

redline

Botnet

spora

C2

176.113.115.145:4125

Attributes

  • auth_value

    441b39ab37774b2ca9931c31e1bc6071

Targets

    • Target

      3c36b78d455b0497815563a935003245db5ec818692219016c2a022b57bafb8e

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks