General

  • Target

    56a3e489fd3419b9eaef27e60f7148a099bdc519611ab2382d7407f32e6963d4

  • Size

    479KB

  • Sample

    230510-g4z65age2z

  • MD5

    cb1fa067e5fa4d2a2ec567c8cb9dee39

  • SHA1

    bafc0b73f7bd4216859f9c0db843fb2cd6dd2e9c

  • SHA256

    56a3e489fd3419b9eaef27e60f7148a099bdc519611ab2382d7407f32e6963d4

  • SHA512

    2d09f22e8c4df72a947f42929dc39a5422e57b8157d6fcada282dafd17bab3e0c2014e0fbfe9e9915e73d5939267f2212a5964652685be39ff8018b3e07aa9a5

  • SSDEEP

    12288:lMrxy90NPCqEzpv7mkyiDRFs1QzAuDfL1TsVbNO:8ywCzV9BNFs1QsgL1axO

Malware Config

Extracted

Family

redline

Botnet

mufos

C2

217.196.96.102:4132

Attributes

  • auth_value

    136f202e6569ad5815c34377858a255c

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks