General

  • Target

    e0b65e53bed5408a608035639448fde687fb82c5bd1c798424a7325e2a2873a6

  • Size

    770KB

  • Sample

    230511-f37n5sdg2v

  • MD5

    4de0ff0bfcdbb6c3b848cb34a98e5ec2

  • SHA1

    809d2b26273ad8ef102109a8940dd42f2b2b3d15

  • SHA256

    e0b65e53bed5408a608035639448fde687fb82c5bd1c798424a7325e2a2873a6

  • SHA512

    1ff1f5ff0d3927560fcc98b41d847d6b4dbae7f917bd3d8689a65d42992c047099872f66437650dd932c0a0738544173764cb7b5c1b013ec1f6195df733d7f10

  • SSDEEP

    12288:OMrJy90TZCBu/L9J2KWDLbX6PiedWb3qLYFqNT/XlYiKTX3jerVPSarkqLE3:fyqCkf67ckLwjlYvTym3

Malware Config

Extracted

  • Family

    redline

  • Botnet

    debro

  • C2

    185.161.248.75:4132

  • Attributes

    auth_value: 18c2c191aebfde5d1787ec8d805a01a8

Targets

    • Target

      e0b65e53bed5408a608035639448fde687fb82c5bd1c798424a7325e2a2873a6

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
