
General

  • Target

    d11ee018290677b3c0a13fe74077041efde21c8161cfcfa1834165e868201b6e

  • Size

    1.0MB

  • Sample

    230523-h7tn7afb7v

  • MD5

    f03e3560a2ebc0a6bd459b9987da48dc

  • SHA1

    319c90171a1dde8d8b0a928c748b56eb3ac966bb

  • SHA256

    d11ee018290677b3c0a13fe74077041efde21c8161cfcfa1834165e868201b6e

  • SHA512

    023eee69802eef7b06f04fb57bb2d65b97a159388c8dcb29aee17b8d40a672565aafbf91a568ff6ddd6a451b5b64b84c024964be6d37ccc6702807655bf0c967

  • SSDEEP

    24576:3uyyLarkLIirvENtcJh0rFMyOuDAt+gWt+jM6rjFXFXN:39ynkJtG0rFtTcjFVX

Malware Config

Extracted

Family

redline

Botnet

muxa

C2

77.91.68.157:19065

Attributes
  • auth_value

    2aa20db2a108f11cdb3b9e2729b02d99
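The extracted config gives the C2 as a bare ip:port, which is the most immediately actionable artefact on this page. The following is an added example, not part of the tria.ge report: it loads that C2, scans a constructed Zeek-style conn.log excerpt for exact ip:port matches and for traffic to the same host on a different port (RedLine panels are often re-hosted with a rotated port), and emits a Suricata rule for the exact pair. The log lines, the `Hit` record and the sid range are all constructed for illustration.

```python
"""Match the extracted RedLine C2 against connection records.

Added example (not part of the tria.ge report). The conn.log lines are
constructed; the C2 entry is the one the report extracted.
"""
from dataclasses import dataclass

# IOC taken from the report's Malware Config section.
REDLINE_C2 = {"77.91.68.157:19065"}

# Constructed Zeek-style conn.log excerpt (tab-separated):
# ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto
SAMPLE_CONN_LOG = """\
1684830000.1\tCabc1\t10.0.0.5\t49712\t77.91.68.157\t19065\ttcp
1684830001.2\tCabc2\t10.0.0.5\t49713\t142.250.74.78\t443\ttcp
1684830002.3\tCabc3\t10.0.0.9\t49714\t77.91.68.157\t19066\ttcp
1684830003.4\tCabc4\t10.0.0.5\t49715\t8.8.8.8\t53\tudp
"""


@dataclass
class Hit:
    uid: str
    src: str
    dst: str
    dport: int
    kind: str  # "exact" (ip:port matched) or "ip-only" (same host, other port)


def parse_c2(entries):
    """Split 'host:port' strings into an exact (host, port) set and a host set."""
    exact, hosts = set(), set()
    for entry in entries:
        host, _, port = entry.rpartition(":")
        exact.add((host, int(port)))
        hosts.add(host)
    return exact, hosts


def scan_conn_log(text, c2_entries=REDLINE_C2):
    """Return a Hit for every connection whose responder matches the C2."""
    exact, hosts = parse_c2(c2_entries)
    hits = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        _ts, uid, src, _sport, dst, dport, _proto = fields[:7]
        dport = int(dport)
        if (dst, dport) in exact:
            hits.append(Hit(uid, src, dst, dport, "exact"))
        elif dst in hosts:
            # Same host, different port: worth a look, but a weaker match.
            hits.append(Hit(uid, src, dst, dport, "ip-only"))
    return hits


def suricata_rules(c2_entries=REDLINE_C2, sid_base=9000001):
    """Build one outbound-traffic rule per exact C2 pair (sid range is hypothetical)."""
    rules = []
    for i, (host, port) in enumerate(sorted(parse_c2(c2_entries)[0])):
        rules.append(
            f"alert tcp $HOME_NET any -> {host} {port} "
            f'(msg:"RedLine C2 from tria.ge config extraction"; '
            f"flow:to_server; sid:{sid_base + i}; rev:1;)"
        )
    return rules


if __name__ == "__main__":
    for hit in scan_conn_log(SAMPLE_CONN_LOG):
        print(f"{hit.kind:8} {hit.uid} {hit.src} -> {hit.dst}:{hit.dport}")
    print("\n".join(suricata_rules()))
```

Treat the "ip-only" hits as leads rather than alerts: the host may serve other tenants, but a fresh connection to a known RedLine panel address on an unusual high port is exactly what a re-deployed panel looks like.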

Targets

    • Target

      d11ee018290677b3c0a13fe74077041efde21c8161cfcfa1834165e868201b6e

    • Size

      1.0MB


    • Modifies Windows Defender Real-time Protection settings

      Writes values under the Windows Defender Real-Time Protection registry key (for example DisableRealtimeMonitoring), which switches off real-time scanning before the payload is dropped.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, session tokens and autofill entries.

    • Windows security modification

    • Adds Run key to start application

      Writes a value under ...\Microsoft\Windows\CurrentVersion\Run so the dropped executable is launched again at every logon.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

      SetThreadContext on a suspended thread in another process is the classic way to redirect execution into injected code (process hollowing), which is how RedLine loaders typically run the stealer inside a legitimate host process.
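Two of the signatures above, the Defender Real-Time Protection change and the Run key persistence, leave registry writes that Sysmon records as Event ID 13 (RegistryEvent, value set). The following is an added example, not part of the tria.ge report: detection logic run over constructed Sysmon-style records that mirror this sample's behaviour. The registry paths and value names are the real ones Windows Defender and the Run key use; the event records, the `Image` paths and the user-writable directory list are constructed assumptions for illustration.

```python
"""Flag Defender tampering and Run key persistence in Sysmon Event ID 13 records.

Added example (not part of the tria.ge report). The events are constructed;
field names follow Sysmon's RegistryEvent (value set) schema.
"""
import re

# Constructed Sysmon Event ID 13 records. A real feed would be read from the
# Microsoft-Windows-Sysmon/Operational channel.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\sample.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\sample.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\svchost",
     "Details": r"C:\Users\user\AppData\Roaming\svchost.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r"C:\Program Files\Vendor\tray.exe"},
    {"EventID": 13, "Image": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
]

# Real-Time Protection switches; a DWORD value of 1 disables the feature.
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
    "DisableIOAVProtection", "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
}
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
# Directories an unprivileged user can write to (assumed list, extend per environment).
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.I)
DWORD_RE = re.compile(r"DWORD \(0x([0-9a-f]{8})\)", re.I)


def dword_value(details):
    """Parse Sysmon's 'DWORD (0x........)' rendering; None for non-DWORD data."""
    m = DWORD_RE.match(details)
    return int(m.group(1), 16) if m else None


def detect_defender_tamper(ev):
    """True when a Defender Real-Time Protection switch is set to 1 (disabled)."""
    key, _, value = ev["TargetObject"].rpartition("\\")
    return (key.lower().endswith(r"\windows defender\real-time protection")
            and value in DEFENDER_RTP_VALUES
            and dword_value(ev["Details"]) == 1)


def detect_run_key_persistence(ev):
    """True for a Run/RunOnce entry whose target lives in a user-writable directory."""
    return bool(RUN_KEY_RE.search(ev["TargetObject"])
                and USER_WRITABLE_RE.search(ev["Details"]))


def scan_events(events):
    """Return (rule, writing image, detail) tuples for every matching record."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        if detect_defender_tamper(ev):
            findings.append(("defender_rtp_disabled", ev["Image"], ev["TargetObject"]))
        if detect_run_key_persistence(ev):
            findings.append(("run_key_persistence", ev["Image"], ev["Details"]))
    return findings


if __name__ == "__main__":
    for rule, image, detail in scan_events(SAMPLE_EVENTS):
        print(f"{rule:24} {image}  ->  {detail}")
```

The value check matters: Defender itself and legitimate policy tooling write the same key with 0, so matching on the path alone produces noise. Likewise a Run entry pointing into Program Files is ordinary installer behaviour; the signal is a Run entry whose target sits where the dropper could write it, which is what this sample's "Executes dropped EXE" plus "Adds Run key" combination looks like on the wire.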
