General

  • Target: ab2a976e6dbb7ac7a870b643a6cd30f4ce38e4bf175a4be25f3da2acbc632388
  • Size: 1.0MB
  • Sample: 230519-n43qksgd8y
  • MD5: 43ecad9168b97028b03c445e2bd3013c
  • SHA1: 8d974f38c618ef67b6f2120d514de53307cd3856
  • SHA256: ab2a976e6dbb7ac7a870b643a6cd30f4ce38e4bf175a4be25f3da2acbc632388
  • SHA512: 6890a8e4d7090e2ed6de3269e51bf27d9a367f71e79e899ec8f7f27db0fbded5461fd4e1f80aacee99c0acf32f7638a8369e0a5e47ce9e97b0ff6bdf16f4cca4
  • SSDEEP: 24576:eyZbthJmJyW/M3YFWXw5XEDbFtTB/amUCKcOH:t5tbuyeM3mWg5XEDptlakO

Malware Config

Extracted

Family: redline
Botnet: duper
C2: 77.91.68.253:19065

Attributes
  • auth_value: 57e17ebbdb18f4882b95fe05402ef1c8

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6