Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    e28da21b6ffb35994480208a5d2504a03d1296df4f297fb23db2b2754a13ca41

  • Size

    479KB

  • Sample

    230510-ck1lbsfg61

  • MD5

    d755549cc6a6d4c50d8b18a6e3418d28

  • SHA1

    7a57cc4760ffaac7af821a49a405749b10ae8ad2

  • SHA256

    e28da21b6ffb35994480208a5d2504a03d1296df4f297fb23db2b2754a13ca41

  • SHA512

    364ec95d6f87cacb3cd7f274fe8420e2ef06df231b9da0beb709760238083f551e199d25bb50ea61d2fb4dbf1abed6e534bf270af26b76c7eb1fd16ac9213a02

  • SSDEEP

    12288:DMrCy90AdKNGs3hblk+mzoPLrFUv0M6Fs2Z5XCBfGB:Ry5q9mklXbFs2DXCkB

Malware Config

Extracted

Family

redline

Botnet

mufos

C2

217.196.96.102:4132

Attributes
  • auth_value

    136f202e6569ad5815c34377858a255c

Targets

    • Target

      e28da21b6ffb35994480208a5d2504a03d1296df4f297fb23db2b2754a13ca41

    • Size

      479KB

    • MD5

      d755549cc6a6d4c50d8b18a6e3418d28

    • SHA1

      7a57cc4760ffaac7af821a49a405749b10ae8ad2

    • SHA256

      e28da21b6ffb35994480208a5d2504a03d1296df4f297fb23db2b2754a13ca41

    • SHA512

      364ec95d6f87cacb3cd7f274fe8420e2ef06df231b9da0beb709760238083f551e199d25bb50ea61d2fb4dbf1abed6e534bf270af26b76c7eb1fd16ac9213a02

    • SSDEEP

      12288:DMrCy90AdKNGs3hblk+mzoPLrFUv0M6Fs2Z5XCBfGB:Ry5q9mklXbFs2DXCkB

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks