General

  • Target

    676126601d22172cb9bea84e8a8c6b62470dde83b333bc4ee53d3fe5a8eb505f

  • Size

    770KB

  • Sample

    230511-gac5hadg5v

  • MD5

    dd00b099d7026ae539ac82710ee824a7

  • SHA1

    0669466458d34ec6e89c14985a3fbd88da7a40d5

  • SHA256

    676126601d22172cb9bea84e8a8c6b62470dde83b333bc4ee53d3fe5a8eb505f

  • SHA512

    eb4414a2fbe15a32e2a47956f2d626dcc8d9305bfb5467e8a413f44918465ab9ac5a44cb35a2218c2b0435643dc17c8cd7fad901257cfc09759d9127fb5431bd

  • SSDEEP

    12288:3Mrjy90JuXVg66RHSkGGwz4VKzOXGaukfjqeRG9DtVY9+w+zuE2q:4yQF6WRmwXGauWG9K+kq

Malware Config

Extracted

Family

redline

Botnet

debro

C2

185.161.248.75:4132

Attributes

  • auth_value

    18c2c191aebfde5d1787ec8d805a01a8

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and autofill data.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks