General

  • Target

    a03ac67b723ab520e723bfb5ce7ee63a.exe

  • Size

    1.5MB

  • Sample

    230504-e9dh7shh42

  • MD5

    a03ac67b723ab520e723bfb5ce7ee63a

  • SHA1

    48fbd7438e862c61bc5b83c6fb18ffd9083fecf0

  • SHA256

    809eb24c5a3bc2678f535a943a6d6a1be2ff4639222e95bb95526c1bfce05d97

  • SHA512

    e32150382eee145f7db52a515ef2e2e515cbc3b40bd9eb7f255576d3d2036473d8963a59343c12d849403e34f05e075754c516c5fe8136251788f89a1c5bc886

  • SSDEEP

    24576:xyms97P3IhtNPX8ttwLgVF/vJaKm8LxKXJlN3qpVomI+DYyS2H5J7GMhUfOJlbp4:k3wrMEKUKd67eVomH5dHvGMhW4Xc8pw6

Malware Config

Extracted

Family

redline

Botnet

mazda

C2

217.196.96.56:4138

Attributes

  • auth_value

    3d2870537d84a4c6d7aeecd002871c51

Extracted

Family

redline

Botnet

boom

C2

217.196.96.56:4138

Attributes

  • auth_value

    1ce6aebe15bac07a7bc88b114bc49335

Targets

    • Target

      a03ac67b723ab520e723bfb5ce7ee63a.exe

    • Size

      1.5MB

    • MD5

      a03ac67b723ab520e723bfb5ce7ee63a

    • SHA1

      48fbd7438e862c61bc5b83c6fb18ffd9083fecf0

    • SHA256

      809eb24c5a3bc2678f535a943a6d6a1be2ff4639222e95bb95526c1bfce05d97

    • SHA512

      e32150382eee145f7db52a515ef2e2e515cbc3b40bd9eb7f255576d3d2036473d8963a59343c12d849403e34f05e075754c516c5fe8136251788f89a1c5bc886

    • SSDEEP

      24576:xyms97P3IhtNPX8ttwLgVF/vJaKm8LxKXJlN3qpVomI+DYyS2H5J7GMhUfOJlbp4:k3wrMEKUKd67eVomH5dHvGMhW4Xc8pw6

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
