General

  • Target

    c4d5b664cfccddfba1e59f467a050db7f6cee1d75a6a265a4bcdc8bc717c230b

  • Size

    1.0MB

  • Sample

    230521-f1mk7aba2w

  • MD5

    2132cca53b2af1154984382a85596411

  • SHA1

    5efc38f0caf6d415c1a7fc899fea3596a9ed3759

  • SHA256

    c4d5b664cfccddfba1e59f467a050db7f6cee1d75a6a265a4bcdc8bc717c230b

  • SHA512

    99a6bceb1e02af6472e94570ace9329750efe38e07577815143756635741f9a2004c7d887797479a26d7b701c0f018f282c19c14764141d430e6ff4e9cbb0ff6

  • SSDEEP

    24576:LyjBF9KUmuR5cU3/qV18RyoUghzI+aMweFqd1LoUu:+JKMB3/qUyN0IAwe0LoU

Malware Config

Extracted

  • Family

    redline

  • Botnet

    mixa

  • C2

    185.161.248.37:4138

  • Attributes

    auth_value: 9d14534b25ac495ab25b59800acf3bb2

Targets

    • Target

      c4d5b664cfccddfba1e59f467a050db7f6cee1d75a6a265a4bcdc8bc717c230b

    • Size

      1.0MB

    • MD5

      2132cca53b2af1154984382a85596411

    • SHA1

      5efc38f0caf6d415c1a7fc899fea3596a9ed3759

    • SHA256

      c4d5b664cfccddfba1e59f467a050db7f6cee1d75a6a265a4bcdc8bc717c230b

    • SHA512

      99a6bceb1e02af6472e94570ace9329750efe38e07577815143756635741f9a2004c7d887797479a26d7b701c0f018f282c19c14764141d430e6ff4e9cbb0ff6

    • SSDEEP

      24576:LyjBF9KUmuR5cU3/qV18RyoUghzI+aMweFqd1LoUu:+JKMB3/qUyN0IAwe0LoU

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, session cookies and autofill form data.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Enumerates the Uninstall key entries under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall in the registry to list the software present on the system.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of a thread in another process; outside of a debugger this is characteristic of process hollowing and similar code-injection techniques.
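The behaviours listed above map directly onto host telemetry. The following is an added example, not code from tria.ge or from this sandbox run: it turns four of the listed behaviours plus the extracted C2 into detection rules and runs them over a handful of Sysmon-style event records constructed for the example. Event ids follow Sysmon's numbering (1 process create, 3 network connect, 11 file create, 13 registry value set); the registry paths, the field names and every event record are assumptions made for illustration.

```python
import re

# Indicators copied from the report above.
C2_IP, C2_PORT = "185.161.248.37", 4138
SAMPLE_SHA256 = "c4d5b664cfccddfba1e59f467a050db7f6cee1d75a6a265a4bcdc8bc717c230b"

# Registry locations for two of the listed behaviours (assumed hive-independent paths).
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
DEFENDER_RTP = re.compile(r"\\Windows Defender\\Real-Time Protection\\", re.I)


def detect(events):
    """Return (rule_name, event) pairs for a sequence of Sysmon-style event dicts.

    Covered: executes dropped EXE (file create followed by process create of
    the same path), Run key persistence, Defender real-time protection
    modification, and a connection to the extracted C2. Registry *reads*
    (the Uninstall-key enumeration listed above) and file reads of browser
    profiles are not logged by Sysmon, so those behaviours are not covered.
    """
    hits = []
    dropped = set()  # paths written by any process; a later exec of one is a hit
    for ev in events:
        eid = ev["id"]
        if eid == 11:
            dropped.add(ev["target"].lower())
        elif eid == 1 and ev["image"].lower() in dropped:
            hits.append(("executes_dropped_exe", ev))
        elif eid == 13 and RUN_KEY.search(ev["target"]):
            hits.append(("run_key_persistence", ev))
        elif eid == 13 and DEFENDER_RTP.search(ev["target"]):
            hits.append(("defender_rtp_modified", ev))
        elif eid == 3 and (ev["dst_ip"], ev["dst_port"]) == (C2_IP, C2_PORT):
            hits.append(("redline_c2_connect", ev))
    return hits


# Constructed for this example; these are not events from the sandbox run.
DROPPED = r"C:\Users\u\AppData\Local\Temp\dropped.exe"
SAMPLE_EVENTS = [
    {"id": 11, "image": r"C:\Users\u\Desktop\sample.exe", "target": DROPPED},
    {"id": 1, "image": DROPPED, "parent": r"C:\Users\u\Desktop\sample.exe"},
    {"id": 13, "image": DROPPED,
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": DROPPED},
    {"id": 13, "image": DROPPED,
     "target": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "details": "DWORD (0x00000001)"},
    {"id": 3, "image": DROPPED, "dst_ip": C2_IP, "dst_port": C2_PORT},
    # Two benign records that must not fire.
    {"id": 3, "image": r"C:\Windows\System32\svchost.exe", "dst_ip": "13.107.4.50", "dst_port": 80},
    {"id": 13, "image": r"C:\Windows\explorer.exe",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "details": "DWORD (0x00000002)"},
]


if __name__ == "__main__":
    for name, ev in detect(SAMPLE_EVENTS):
        print(f"{name:24s} id={ev['id']} image={ev['image']}")
```

The dropped-executable rule is the only stateful one; in a real pipeline the `dropped` set needs a retention window and should be keyed per host, otherwise a long-running collector will eventually flag any installer that runs what it just wrote.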

MITRE ATT&CK Enterprise v6

Tasks