General

  • Target

    0515b06521f3d406d8956a5ecabe24a805564f3dd465e8a1e39c1aff14fc7d79

  • Size

    658KB

  • Sample

    230401-r4aataaf54

  • MD5

    591b55a4fe9885d748c1fd044ae614cb

  • SHA1

    6a1c1cd54df03d16af2d77e94de2d12ef2c619fd

  • SHA256

    0515b06521f3d406d8956a5ecabe24a805564f3dd465e8a1e39c1aff14fc7d79

  • SHA512

    59578c36a89a58bb802d90b52a8d74da023c1faf4dab2b5792e3395ebe39745aa03fd414cc7fe5094ad6e83b1ea8376b17f3ad291113baf541e8b6e021ea03ab

  • SSDEEP

    12288:5Mr8y90a1yPQDfEIl5V/kJD2O+u8XJVaQCnPG0XVaKjsQoqBibUbwj7:Fyg3Il5V/kSBXJVdCnPnxIQDmUa7

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Extracted

Family

redline

Botnet

spora

C2

176.113.115.145:4125

Attributes
  • auth_value

    441b39ab37774b2ca9931c31e1bc6071

Targets

    • Target

      0515b06521f3d406d8956a5ecabe24a805564f3dd465e8a1e39c1aff14fc7d79

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks