General

  • Target

    48b0453471f36acca8b296e3c4a779221ad0f4d79f70c2211b6f5463abf69881

  • Size

    479KB

  • Sample

    230510-lgskzsfc35

  • MD5

    21025106d5f75a6298f82a2a26eeff3a

  • SHA1

    dc640a0e6caab3db85114d9f3f97964dd4aef35a

  • SHA256

    48b0453471f36acca8b296e3c4a779221ad0f4d79f70c2211b6f5463abf69881

  • SHA512

    678fb938deaa463e2c4ef507ace612ecb37791ccd6ecba23aec49d8d1295853ee563235b0752df5fc2d85612641f4626dbc9a45f082fc309f549a04a5221e059

  • SSDEEP

    12288:pMrSy90jnefwzXNYvyWEdQUFUbAa66mQgIl:by0efxvT5+VRQZl

Malware Config

Extracted

Family

redline

Botnet

divan

C2

217.196.96.102:4132

Attributes

  • auth_value

    b414986bebd7f5a3ec9aee0341b8e769

Targets

    • Target

      48b0453471f36acca8b296e3c4a779221ad0f4d79f70c2211b6f5463abf69881

    • Size

      479KB

    • MD5

      21025106d5f75a6298f82a2a26eeff3a

    • SHA1

      dc640a0e6caab3db85114d9f3f97964dd4aef35a

    • SHA256

      48b0453471f36acca8b296e3c4a779221ad0f4d79f70c2211b6f5463abf69881

    • SHA512

      678fb938deaa463e2c4ef507ace612ecb37791ccd6ecba23aec49d8d1295853ee563235b0752df5fc2d85612641f4626dbc9a45f082fc309f549a04a5221e059

    • SSDEEP

      12288:pMrSy90jnefwzXNYvyWEdQUFUbAa66mQgIl:by0efxvT5+VRQZl

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks
