General

  • Target

    92f3b66e5de57b159792bcd247e86551a7fb059e61226d46e072656feadf6a92

  • Size

    478KB

  • Sample

    230510-ql2fxahh8v

  • MD5

    ffad23dfe26ea3419cf9db6902196f31

  • SHA1

    c8d51cd7796dd3890e2e92b71efd0702f5221966

  • SHA256

    92f3b66e5de57b159792bcd247e86551a7fb059e61226d46e072656feadf6a92

  • SHA512

    c1422d903e5f1745f21073f1a9c0320d825461e84cbcb24aea650d1cc3bad13a2703ac2ba7a1b27ad7b48e3afef43def141d624251890e773abbd32fd9485dd9

  • SSDEEP

    12288:TMr8y90nljYL+EiqW+qgiyu7sHw7nmGRR/:3y6lI/LiYHw7mGRF

Malware Config

Extracted

  • Family

    redline

  • Botnet

    dippo

  • C2

    217.196.96.102:4132

Attributes

  • auth_value

    79490ff628fd6af3b29170c3c163874b

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other sensitive information.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
