Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    0d60479b5f27880b29b3c8e34485205db637c842f21c48df19ffe7e0f1d09add

  • Size

    479KB

  • Sample

    230508-scj7dabb94

  • MD5

    d808fb85bc274a79429fa4d86df30033

  • SHA1

    319db477b5c5e3ca1693d593af93a272890747c1

  • SHA256

    0d60479b5f27880b29b3c8e34485205db637c842f21c48df19ffe7e0f1d09add

  • SHA512

    963abb547ecbfacb90735aa99ef891de72582d770f915f0c33e489ea5e220200da85b87a7cd44962de2e8d813dc141bb88e7f42b9f1d940a3c5c7a2ff052e81f

  • SSDEEP

    12288:7Mrey90mIz84uI4RoGIhTG+ww4goxuR3xa4gqXXB:ty4yWhTh4pa3jgqXR

Malware Config

Extracted

Family

redline

Botnet

dona

C2

217.196.96.101:4132

Attributes
  • auth_value

    9fbb198992bbc83a84ab1f21384813e3

Targets

    • Target

      0d60479b5f27880b29b3c8e34485205db637c842f21c48df19ffe7e0f1d09add

    • Size

      479KB

    • MD5

      d808fb85bc274a79429fa4d86df30033

    • SHA1

      319db477b5c5e3ca1693d593af93a272890747c1

    • SHA256

      0d60479b5f27880b29b3c8e34485205db637c842f21c48df19ffe7e0f1d09add

    • SHA512

      963abb547ecbfacb90735aa99ef891de72582d770f915f0c33e489ea5e220200da85b87a7cd44962de2e8d813dc141bb88e7f42b9f1d940a3c5c7a2ff052e81f

    • SSDEEP

      12288:7Mrey90mIz84uI4RoGIhTG+ww4goxuR3xa4gqXXB:ty4yWhTh4pa3jgqXR

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks