Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Resubmissions

17/10/2022, 13:28

221017-qqmhjsbhe5 10

16/10/2022, 20:51

221016-zm5pdsaccp 10

General

  • Target

    56ad4d7aac399dd64beaced638a6000f.exe

  • Size

    470KB

  • Sample

    221016-zm5pdsaccp

  • MD5

    56ad4d7aac399dd64beaced638a6000f

  • SHA1

    40724b8432d5a5ee18ca52645a56a80349ae5ace

  • SHA256

    a96519061c8c1af420d77cff87fcb88f409db5328dac7df3a91c235bc4ee5eec

  • SHA512

    cc6038ffd3b1eff55f18e9f37f8a277c0ab9a589b9f93c2e82c30db4773ccc7d0ce5e213adee018e6146079ced5034fbe518463c94d9b3462d84315dd3a7012b

  • SSDEEP

    6144:Hhb/Jr6KmZ4hihQonw60Ub0qS0YHUkX+v0w15QHvNyu8/Z4oOffzlKOMP5FajXs:Nhr6Ktihfw663X+M6gyBzOf7+5Ej

Malware Config

Extracted

Family

redline

Botnet

12.10 mix

C2

95.216.252.180:19924

Attributes
  • auth_value

    68e8cd0331889a05c2fabf0a7595d2bf

Targets

    • Target

      56ad4d7aac399dd64beaced638a6000f.exe

    • Size

      470KB

    • MD5

      56ad4d7aac399dd64beaced638a6000f

    • SHA1

      40724b8432d5a5ee18ca52645a56a80349ae5ace

    • SHA256

      a96519061c8c1af420d77cff87fcb88f409db5328dac7df3a91c235bc4ee5eec

    • SHA512

      cc6038ffd3b1eff55f18e9f37f8a277c0ab9a589b9f93c2e82c30db4773ccc7d0ce5e213adee018e6146079ced5034fbe518463c94d9b3462d84315dd3a7012b

    • SSDEEP

      6144:Hhb/Jr6KmZ4hihQonw60Ub0qS0YHUkX+v0w15QHvNyu8/Z4oOffzlKOMP5FajXs:Nhr6Ktihfw663X+M6gyBzOf7+5Ej

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks