General

  • Target

    286e2f0005e5dd19e3b8ef0d62313c2114ec78d646e5e172b75c3dc5055e170c

  • Size

    481KB

  • Sample

    230509-njbrcshd9x

  • MD5

    75aeca15f9482c83fef3ec725721bf14

  • SHA1

    131bb41ffd1adb74e32ac9857c628f21f9c25cf5

  • SHA256

    286e2f0005e5dd19e3b8ef0d62313c2114ec78d646e5e172b75c3dc5055e170c

  • SHA512

    a935ca628724181a619f4d7b022e434f2249c62ac459169dcb3235e4409c4a46e5274f630157e4d4367d197366938c0d3c4becd733f550af6afba128b4685647

  • SSDEEP

    12288:XMrhy90HP5y6FwFhi47xAEBGZt1e+9YG:Oy0jwtlA8GFeTG

Malware Config

Extracted

  • Family

    redline

  • Botnet

    mofun

  • C2

    217.196.96.101:4132

  • Attributes

    auth_value: da5d4987d25c2de43d34fcc99b29fff3

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
