Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target: 39a394110edd9684aab5ae3a40786cdbb048fd24aaa302e2dd3995ed90f4327b
  • Size: 1.1MB
  • Sample: 230514-k894nsdg2x
  • MD5: 0364c47355ccf93d55bb61a615f56681
  • SHA1: 1052402420c2bff86ec929e9c3cbb4abce318177
  • SHA256: 39a394110edd9684aab5ae3a40786cdbb048fd24aaa302e2dd3995ed90f4327b
  • SHA512: 34a646c53fdc5c904011111df7cac376927740351075a7cc3284e96e713add475cb51370d0d29808b105906d537c080ce5d16141b83def777e7596679f1906b1
  • SSDEEP: 24576:8yQK5E9Wio+67Y6x/egYsfrLjd2uLeVF1qh1y0JT+IhOJTURDu:rBiMFYQrLJ3LqFSJTnc

Malware Config

Extracted

  • Family: redline
  • Botnet: larry
  • C2: 185.161.248.75:4132
  • Attributes
      • auth_value: 9039557bb7a08f5f2f60e2b71e1dee0e

Extracted

  • Family: redline
  • Botnet: wassa
  • C2: 185.161.248.75:4132
  • Attributes
      • auth_value: b8fa7f0c657940c14afdbf6300afb292

Targets

    • Modifies Windows Defender Real-time Protection settings
    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Downloads MZ/PE file
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
    • Windows security modification
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Adds Run key to start application
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Suspicious use of SetThreadContext
