General

  • Target

    4fe174034d8acc970e9175f7b2a709d0c61332007f754c7f6de0438cccda3d7e

  • Size

    479KB

  • Sample

    230508-z5zk4acg63

  • MD5

    c099511b05a276739e6854d5f927854f

  • SHA1

    61191387fb320ce9153769cb405f4b61c443cbe5

  • SHA256

    4fe174034d8acc970e9175f7b2a709d0c61332007f754c7f6de0438cccda3d7e

  • SHA512

    8511a71c48eda1b5305fc626a68931371489f3c1b1839c269b4dc3ee9f2d89d2ab49c2834c53b306bf61ff68e27f461b257d7fc526bdec93c5b38c09a616f53d

  • SSDEEP

    6144:Kly+bnr+Ap0yN90QEq4dQhlaZglvafwstPxQxsz6lGRoYy1f2Lw4Pd8s+3ZYL:LMrIy9044AlWCvJstSi2VQv9O2

Malware Config

Extracted

Family

redline

Botnet

dumud

C2

217.196.96.101:4132

Attributes

  • auth_value

    3e18d4b90418aa3e78d8822e87c62f5c

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks