General

  • Target

    9ebe51422a05265484133f8699a613210f509c71a4f9082ee35e2fda39d3dd0b

  • Size

    479KB

  • Sample

    230508-m9t5ysca9z

  • MD5

    6896301589bd76dca57c3ee389328434

  • SHA1

    e59408329dc804eded048a9e02c2191f53f86c5b

  • SHA256

    9ebe51422a05265484133f8699a613210f509c71a4f9082ee35e2fda39d3dd0b

  • SHA512

    f686ba8cd7159f1a3a564a91cb07b7015c1e598e53be6a68c86bfad0d62027ae711001f96260e6a2ccdf6d8e24cfdcb462a930f496d88cee27743b9ff05ad6f6

  • SSDEEP

    12288:HMruy90fBZuP+q5lXegw8VV/TNFp5eC70Ru:ZyLZXL/TNH700

Malware Config

Extracted

Family

redline

Botnet

dona

C2

217.196.96.101:4132

Attributes

  • auth_value

    9fbb198992bbc83a84ab1f21384813e3

Targets

    • Target

      9ebe51422a05265484133f8699a613210f509c71a4f9082ee35e2fda39d3dd0b

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks