Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    1de84a4a3b54cdf20bdcdaa05ef785f628536c302302db8430529a8dc20d6de6

  • Size

    537KB

  • Sample

    230403-crvzesdf4v

  • MD5

    74df1d10e0a2edb8eb8fb12a140508d1

  • SHA1

    99b578e09980d4d70d383709d8b5eaa01b551b58

  • SHA256

    1de84a4a3b54cdf20bdcdaa05ef785f628536c302302db8430529a8dc20d6de6

  • SHA512

    8fa145eebd8fca953c64051c9408793e40bc7179fe6362fbbe53d8b43635c53e05c8a742e283b81f0ed4618349b30b75f4e637e5f274479d6578e25864bd4cd7

  • SSDEEP

    12288:7MrPy90eRQSkD0TzYFJyU3SHRw+vNFAuNgv:oypRDy0TzCJyfxwMlgv

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Extracted

Family

redline

Botnet

spora

C2

176.113.115.145:4125

Attributes
  • auth_value

    441b39ab37774b2ca9931c31e1bc6071

Targets

    • Target

      1de84a4a3b54cdf20bdcdaa05ef785f628536c302302db8430529a8dc20d6de6

    • Size

      537KB

    • MD5

      74df1d10e0a2edb8eb8fb12a140508d1

    • SHA1

      99b578e09980d4d70d383709d8b5eaa01b551b58

    • SHA256

      1de84a4a3b54cdf20bdcdaa05ef785f628536c302302db8430529a8dc20d6de6

    • SHA512

      8fa145eebd8fca953c64051c9408793e40bc7179fe6362fbbe53d8b43635c53e05c8a742e283b81f0ed4618349b30b75f4e637e5f274479d6578e25864bd4cd7

    • SSDEEP

      12288:7MrPy90eRQSkD0TzYFJyU3SHRw+vNFAuNgv:oypRDy0TzCJyfxwMlgv

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks