General

  • Target

    290dba13865fe0b5fd9519b5aeb8333f3c2a980bcf1e826cd8bff09da8c4b60c

  • Size

    480KB

  • Sample

    230508-ymw7ksce37

  • MD5

    aa66098e9f891d6c13053e7170c0b323

  • SHA1

    94a442f3b1445151e7b658f35a9ff0b27b7e658a

  • SHA256

    290dba13865fe0b5fd9519b5aeb8333f3c2a980bcf1e826cd8bff09da8c4b60c

  • SHA512

    6d88c3e1dace0c74e64b82a46b0d25bf8973136001589d6379e7034b7956a37b03087906d2634468e452bbc04aa7fa07b6cd7fc80077f145f40c5753d921d39a

  • SSDEEP

    12288:IMrXy90Mw67SLPr6S9XjqOG7INlfAI3WRaqAFlNR:PyxO+S9RfNlfA8WRt2T

Malware Config

Extracted

Family

redline

Botnet

mihan

C2

217.196.96.101:4132

Attributes
  • auth_value

    9a6a8fdae02ed7caa0a49a6ddc6d4520

Targets

    • Target

      290dba13865fe0b5fd9519b5aeb8333f3c2a980bcf1e826cd8bff09da8c4b60c

    • Size

      480KB

    • MD5

      aa66098e9f891d6c13053e7170c0b323

    • SHA1

      94a442f3b1445151e7b658f35a9ff0b27b7e658a

    • SHA256

      290dba13865fe0b5fd9519b5aeb8333f3c2a980bcf1e826cd8bff09da8c4b60c

    • SHA512

      6d88c3e1dace0c74e64b82a46b0d25bf8973136001589d6379e7034b7956a37b03087906d2634468e452bbc04aa7fa07b6cd7fc80077f145f40c5753d921d39a

    • SSDEEP

      12288:IMrXy90Mw67SLPr6S9XjqOG7INlfAI3WRaqAFlNR:PyxO+S9RfNlfA8WRt2T

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data such as saved credentials and session cookies.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
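The behaviours listed above and the C2 from the Malware Config section can be turned into host-side detection logic. The script below is an added example written for this page; it is not tria.ge's code and not output from the sample. The trace it runs over is constructed in a generic sandbox-style shape (one dict per event) and the registry and file locations it keys on are the usual places these behaviours show up, which are assumptions rather than values taken from the report.

```python
"""Flag the RedLine behaviours and C2 indicator listed in the report
against a constructed host trace (added example, not from the report)."""
import re
from collections import defaultdict

# Network indicator copied from the report's Malware Config section.
C2_IP = "217.196.96.101"
C2_PORT = 4132

# Registry / file locations where each listed behaviour normally surfaces.
# ASSUMPTIONS for this example: the report does not name these paths.
DEFENDER_RTP_KEY = "\\Microsoft\\Windows Defender\\Real-Time Protection\\"
RUN_KEYS = ("\\CurrentVersion\\Run\\", "\\CurrentVersion\\RunOnce\\")
GEO_KEYS = ("\\Control Panel\\International\\Geo\\Nation", "\\Control\\Nls\\Locale")
UNINSTALL_KEY = "\\CurrentVersion\\Uninstall\\"
BROWSER_STORES = ("\\Login Data", "\\Web Data", "\\Cookies", "\\logins.json")
USER_WRITABLE = re.compile(r"^C:\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)

# One rule name per behaviour the report lists, plus the C2 connect.
REPORT_BEHAVIOURS = (
    "modifies_defender_realtime_protection",
    "checks_computer_location",
    "executes_dropped_exe",
    "reads_browser_profile_data",
    "adds_run_key",
    "checks_installed_software",
    "redline_c2_connect",
)


def _ci(hay: str, needle: str) -> bool:
    """Case-insensitive substring test; registry paths are case-insensitive."""
    return needle.lower() in hay.lower()


def classify(ev: dict) -> list[str]:
    """Return the names of every report behaviour a single event matches."""
    hits = []
    op = ev["op"]
    if op == "regset":
        # Setting a Real-Time Protection policy value to 1 disables that feature.
        if _ci(ev["key"], DEFENDER_RTP_KEY) and ev.get("data") == "1":
            hits.append("modifies_defender_realtime_protection")
        if any(_ci(ev["key"], k) for k in RUN_KEYS):
            hits.append("adds_run_key")
    elif op == "regquery":
        if any(_ci(ev["key"], k) for k in GEO_KEYS):
            hits.append("checks_computer_location")
        if _ci(ev["key"], UNINSTALL_KEY):
            hits.append("checks_installed_software")
    elif op == "fileread":
        if any(_ci(ev["path"], s) for s in BROWSER_STORES):
            hits.append("reads_browser_profile_data")
    elif op == "procstart":
        # A process image under the user's AppData is a dropped payload, not an installed program.
        if USER_WRITABLE.match(ev["image"]):
            hits.append("executes_dropped_exe")
    elif op == "connect":
        if ev["ip"] == C2_IP and ev["port"] == C2_PORT:
            hits.append("redline_c2_connect")
    return hits


def triage(events: list[dict]) -> dict[str, list[dict]]:
    """Group every matching event under the behaviour it evidences."""
    findings: dict[str, list[dict]] = defaultdict(list)
    for ev in events:
        for rule in classify(ev):
            findings[rule].append(ev)
    return dict(findings)


def missing_behaviours(findings: dict[str, list[dict]]) -> list[str]:
    """Report behaviours the trace did NOT evidence, i.e. detection gaps."""
    return [b for b in REPORT_BEHAVIOURS if b not in findings]


# Constructed trace in a sandbox-like shape; NOT output captured from the sample.
SAMPLE_TRACE = [
    {"op": "procstart", "image": "C:\\Users\\Admin\\AppData\\Local\\Temp\\dropped1.exe"},
    {"op": "regquery", "key": "HKCU\\Control Panel\\International\\Geo\\Nation"},
    {"op": "regset", "key": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\"
                            "Real-Time Protection\\DisableRealtimeMonitoring", "data": "1"},
    {"op": "regset", "key": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\dropped1",
     "data": "C:\\Users\\Admin\\AppData\\Local\\Temp\\dropped1.exe"},
    {"op": "regquery", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\"},
    {"op": "fileread", "path": "C:\\Users\\Admin\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"},
    {"op": "connect", "ip": "217.196.96.101", "port": 4132},
    {"op": "connect", "ip": "93.184.216.34", "port": 443},          # benign noise, must not match
    {"op": "procstart", "image": "C:\\Windows\\System32\\conhost.exe"},  # benign, not user-writable
]

if __name__ == "__main__":
    found = triage(SAMPLE_TRACE)
    for rule, evs in found.items():
        print(f"{rule}: {len(evs)} event(s)")
    print("gaps:", missing_behaviours(found))
```

The `data == "1"` check on the Defender key is what separates a real disablement from benign policy refreshes that rewrite the same value to 0; the process rule deliberately matches only images under AppData so a legitimately installed program is not flagged as a dropped executable.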

MITRE ATT&CK Enterprise v6

Tasks