General

  • Target

    1ea36e1bb2e4c1b9f15e19adbcc7443ccb74b272820551b9f7672dc3b2ab2e5f

  • Size

    643KB

  • Sample

    230503-yr4r8agc65

  • MD5

    6f562811f9e2b48e8d1c2e4a1ee454a9

  • SHA1

    9ece8dc06ed22ae61bc91cc54f406cdc587828ab

  • SHA256

    1ea36e1bb2e4c1b9f15e19adbcc7443ccb74b272820551b9f7672dc3b2ab2e5f

  • SHA512

    c262927b45e9cbe40087b4303192bd82d9e6914ddd7c9410c641099602c7d87dd88a99648272c0ad5db336b07158b1d73a153e2499426f7e9cff690ed900b377

  • SSDEEP

    12288:VMr3y90ko1v6FpTV+3oCexcSZGIa5RaujYGwvMOvtaFiqyU2U:yy61v6HxHC0cSZkTauQaoa

Malware Config

Extracted

Family

redline

Botnet

darm

C2

217.196.96.56:4138

Attributes

  • auth_value

    d88ac8ccc04ab9979b04b46313db1648

Targets

    • Target

      1ea36e1bb2e4c1b9f15e19adbcc7443ccb74b272820551b9f7672dc3b2ab2e5f

    • Size

      643KB

    • MD5

      6f562811f9e2b48e8d1c2e4a1ee454a9

    • SHA1

      9ece8dc06ed22ae61bc91cc54f406cdc587828ab

    • SHA256

      1ea36e1bb2e4c1b9f15e19adbcc7443ccb74b272820551b9f7672dc3b2ab2e5f

    • SHA512

      c262927b45e9cbe40087b4303192bd82d9e6914ddd7c9410c641099602c7d87dd88a99648272c0ad5db336b07158b1d73a153e2499426f7e9cff690ed900b377

    • SSDEEP

      12288:VMr3y90ko1v6FpTV+3oCexcSZGIa5RaujYGwvMOvtaFiqyU2U:yy61v6HxHC0cSZkTauQaoa

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks