General

  • Target: 5b1a0da1e9cbb380b0692073dd1f036dcb920d7df7e0967744f00cac9fd6dc3d
  • Size: 479KB
  • Sample: 230508-znhw1scf82
  • MD5: 4273929f460efa3c6bad7d61b291e7a3
  • SHA1: 839b2c23b5210841e391c7236c4a82f121736029
  • SHA256: 5b1a0da1e9cbb380b0692073dd1f036dcb920d7df7e0967744f00cac9fd6dc3d
  • SHA512: 010da4467f3b479732a015c3d1d8818bf976bf3a3a7e1db10375bace905b67da4ba98c8b805b95e66db61f7599dc60daa19fb80fb51e947ff4acad366558be26
  • SSDEEP: 6144:Kpy+bnr+qp0yN90QEtTvSovepEUIcnebXkzmBS2QqY+aget9R252UoXAqrnAlygo:bMrqy907vDc609GY+agEZOB4eBc

Malware Config

Extracted

  • Family: redline
  • Botnet: dumud
  • C2: 217.196.96.101:4132
  • Attributes
    • auth_value: 3e18d4b90418aa3e78d8822e87c62f5c

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
