General

  • Target

    bbebced73d21b07851a5be80183630613202ccbc6f07b6890eb088a4489cb8af

  • Size

    659KB

  • Sample

    230402-c8drgaff2x

  • MD5

    07c81b72ac92b7e40a08011ff39d0ef1

  • SHA1

    877c37632155b1251fac6f636d58388d1c4bf1ce

  • SHA256

    bbebced73d21b07851a5be80183630613202ccbc6f07b6890eb088a4489cb8af

  • SHA512

    32d047511476ef91d59b9c87ffdb1531e425c9c6413d2c9ee6ffb2913b43f3f30b4c85dd692ccd9decc58f3b6e5ab218fa00e7f27c45180d16ea2bf1a226a0ed

  • SSDEEP

    12288:EMrMy90Zl2qFuOE0F56EKY2y0+GY41lof5Ksa/Pm3tQdF:Yy+2+x36TvtY41iAdm9QdF

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rosn

  • C2

    176.113.115.145:4125

  • Attributes

    auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted

  • Family

    redline

  • Botnet

    spora

  • C2

    176.113.115.145:4125

  • Attributes

    auth_value: 441b39ab37774b2ca9931c31e1bc6071

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
