General

  • Target

    e8e5b375844488b6cb30e7eea1791b27ae5a7a0859ea6db803e4ab2c078712c6

  • Size

    479KB

  • Sample

    230508-w3qzdsdh3v

  • MD5

    ab2e0724b410debfe179c277251821ce

  • SHA1

    e9db46a67f7f23906ef01d98e51d3cae97a3784e

  • SHA256

    e8e5b375844488b6cb30e7eea1791b27ae5a7a0859ea6db803e4ab2c078712c6

  • SHA512

    d5d5ca0a2491f3a243df970759b632dec4a612a995146943f1236e43ce61c2fc6f0ee181a72d3d7d34197b06e138f58d6ddffdeadafe81a4c5e8611d607e2de4

  • SSDEEP

    12288:aMrgy90P3y0Ow3U1KzlEdxqHN7tRcuPSQx2y2fyr:uyay2U1KZ9sbQx/2f6

Malware Config

Extracted

Family

redline

Botnet

dona

C2

217.196.96.101:4132

Attributes

  • auth_value

    9fbb198992bbc83a84ab1f21384813e3

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks