
General

  • Target: a4e7c7792d342c4e4e8a147ba01f8c8d630848086b20d8e35c24d6200fd0335d
  • Size: 587KB
  • Sample: 230504-f628tsaa98
  • MD5: 79d84d5750d8252894b780a4e867141a
  • SHA1: 844efbaed71b72dad37b71b00e7130e2c327d5d0
  • SHA256: a4e7c7792d342c4e4e8a147ba01f8c8d630848086b20d8e35c24d6200fd0335d
  • SHA512: 09fbd3750bbc5fe9bc93bcc29a1877be312004d29eb455d44ca327cc2b59d2c8b15674702f94fce43dc80179a0e495244e851136101c0a3fc710f43309155529
  • SSDEEP: 12288:1Mr6y90uTfzO1L+GbhyL5UzhEMr0fyNReqZIFoWcDbJo:by97OL+qhy9UzmUduq8Co

Malware Config

Extracted

  • Family: redline
  • Botnet: daris
  • C2: 217.196.96.56:4138
  • Attributes
    • auth_value: 3491f24ae0250969cd45ce4b3fe77549

Targets


    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
