General

  • Target

    86c5796c0950cc5611c0777bec2a9966b39703a3c842019bb54b92d008bf3091

  • Size

    769KB

  • Sample

    230511-azkgjscg2z

  • MD5

    2192e78e226ded3e90153939253bb995

  • SHA1

    eae212316fa4f120c7e25b8e7160d2c1a4dc8dca

  • SHA256

    86c5796c0950cc5611c0777bec2a9966b39703a3c842019bb54b92d008bf3091

  • SHA512

    aff8c63b8d61d4b0a2cca130272529c63dd8061169072e7d85e790ee392a1e245e60a360b3e6eb1b27bed2b70e69efb4b8f78ce2d24c1e8f9935c7877b9ccbfa

  • SSDEEP

    12288:MMrIy90UKF36qwIwHydHGTk/KrONXaTKnqReJaT/S3pI27JsPKqxc:cygAdKnNXaTpwm63SSmPzS

Malware Config

Extracted

  • Family

    redline

  • Botnet

    debro

  • C2

    185.161.248.75:4132

  • Attributes

    auth_value: 18c2c191aebfde5d1787ec8d805a01a8

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
