General

  • Target

    0cf148f824880b3c48752ef306578bd38103b5b237bee2f68add26b60cda04b3

  • Size

    658KB

  • Sample

    230401-zpj6gaea81

  • MD5

    ad7760149daf7680e2c8cb43af744fd6

  • SHA1

    0c2a9643f683b2d28c8edc665751058bbdb06ff4

  • SHA256

    0cf148f824880b3c48752ef306578bd38103b5b237bee2f68add26b60cda04b3

  • SHA512

    e9d870987a51318ef110a0575cf8c8b03b0c8e4b17573d78fd42010ec7617dfc84566f32cab0e190f0a080effc797d9ed5c4c943138e4ee23f88b016c8c77607

  • SSDEEP

    12288:NMrgy90q8oH2Y8DMSMFqPOpXCPGHc5HPtP+EjZxl/WnqzN6F:hyf8oHmSFZpX85HPB+EjztzNW

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Extracted

Family

redline

Botnet

spora

C2

176.113.115.145:4125

Attributes

  • auth_value

    441b39ab37774b2ca9931c31e1bc6071

Targets

    • Target

      0cf148f824880b3c48752ef306578bd38103b5b237bee2f68add26b60cda04b3

    • Size

      658KB

    • MD5

      ad7760149daf7680e2c8cb43af744fd6

    • SHA1

      0c2a9643f683b2d28c8edc665751058bbdb06ff4

    • SHA256

      0cf148f824880b3c48752ef306578bd38103b5b237bee2f68add26b60cda04b3

    • SHA512

      e9d870987a51318ef110a0575cf8c8b03b0c8e4b17573d78fd42010ec7617dfc84566f32cab0e190f0a080effc797d9ed5c4c943138e4ee23f88b016c8c77607

    • SSDEEP

      12288:NMrgy90q8oH2Y8DMSMFqPOpXCPGHc5HPtP+EjZxl/WnqzN6F:hyf8oHmSFZpX85HPB+EjztzNW

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, such as saved credentials.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks