General

  • Target: 1d6a271ff33c6f5f78b810e7a4681e45080318cce8186d12a98545f9502cb104
  • Size: 659KB
  • Sample: 230401-vc161acf4v
  • MD5: 91ca0dec126c2a9701c5b7221488fdb1
  • SHA1: d5d641860b99931fbb3b8cce94bd45343267307e
  • SHA256: 1d6a271ff33c6f5f78b810e7a4681e45080318cce8186d12a98545f9502cb104
  • SHA512: 44fc0cb4dc680d45b882fc3c28bfc34d273fec496058b81a28fe7ea49ad46812a50a9b46b349159d3391db75b77e830d2b4c3599aa4af5f27f08160188f3a81a
  • SSDEEP: 12288:DMrEy90lOomXcA+wnYGDK9xDAclp+CPGCcT7TTes/J/+EAZxd3VopT:ryOEcA5YGjEp+1Tr3/1+EAzdWpT

Malware Config

Extracted
  • Family: redline
  • Botnet: rosn
  • C2: 176.113.115.145:4125
  • Attributes
    • auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted
  • Family: redline
  • Botnet: spora
  • C2: 176.113.115.145:4125
  • Attributes
    • auth_value: 441b39ab37774b2ca9931c31e1bc6071

Targets

    • Target: 1d6a271ff33c6f5f78b810e7a4681e45080318cce8186d12a98545f9502cb104

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks