General

  • Target

    089a9618b65dca0c631fb45fc0bdd6f87a43a1e8d6d03c2c6b66c2cffbc3b63e

  • Size

    1.5MB

  • Sample

    230501-1evpwsaf5x

  • MD5

    1ba754a29c497ee92b101a0504a62a25

  • SHA1

    e59241561d57a5a05f982fee69bc9de149f2a38b

  • SHA256

    089a9618b65dca0c631fb45fc0bdd6f87a43a1e8d6d03c2c6b66c2cffbc3b63e

  • SHA512

    6230dec10914fe14777d87f1e39b6b314e9f33e89e48a93e7e83ab2777622e6a5178cbce3e89b6489c721b47920d49b0c3ca78a0d4d7be8eb132bf4833244c37

  • SSDEEP

    49152:7fTKMUdETmkjSf8q3PpIuXQZIWn/fsGNKTYT:DTKjE6RsrIWM2+

Malware Config

Extracted

Family

redline

Botnet

maza

C2

185.161.248.73:4164

Attributes

  • auth_value

    474d54c1c2f5291290c53f8378acd684

Targets

    • Target

      089a9618b65dca0c631fb45fc0bdd6f87a43a1e8d6d03c2c6b66c2cffbc3b63e

    • Size

      1.5MB

    • MD5

      1ba754a29c497ee92b101a0504a62a25

    • SHA1

      e59241561d57a5a05f982fee69bc9de149f2a38b

    • SHA256

      089a9618b65dca0c631fb45fc0bdd6f87a43a1e8d6d03c2c6b66c2cffbc3b63e

    • SHA512

      6230dec10914fe14777d87f1e39b6b314e9f33e89e48a93e7e83ab2777622e6a5178cbce3e89b6489c721b47920d49b0c3ca78a0d4d7be8eb132bf4833244c37

    • SSDEEP

      49152:7fTKMUdETmkjSf8q3PpIuXQZIWn/fsGNKTYT:DTKjE6RsrIWM2+

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks