General

  • Target

    22efd7e40a5b2b0445ed874a5795f96a98f98c3cdc0ad10cf24e0fe2086b6e2d

  • Size

    850KB

  • Sample

    230502-lmdzsacd2y

  • MD5

    c0ce2c4f24796cf99efce0d2f4d05ebc

  • SHA1

    c956b06c8cd02be9afb293f02b05fef461c2454c

  • SHA256

    22efd7e40a5b2b0445ed874a5795f96a98f98c3cdc0ad10cf24e0fe2086b6e2d

  • SHA512

    403a97b83cf2462e3d46e611daf11d27aaecd5c06125e2007cda5e68f0ed37fd6d6aa1e61a807548ba0313932a3b50fd5ab2d19cb26b15d9a1d6222e8282ff39

  • SSDEEP

    24576:PydjrE4HDN9IYdSoIm8PZ6Cc4aFwjwVLLZ4B:ad7fIib8a4KNLW

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes

  • auth_value

    d05bf43eef533e262271449829751d07

Extracted

Family

redline

Botnet

dante

C2

185.161.248.73:4164

Attributes

  • auth_value

    f4066af6b8a6f23125c8ee48288a3f90

Targets

    • Target

      22efd7e40a5b2b0445ed874a5795f96a98f98c3cdc0ad10cf24e0fe2086b6e2d

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
