General

  • Target: f5fd03761de3f97fa947a41600ce439f3a3ceb319fe310c38812a722a2b30ba5
  • Size: 587KB
  • Sample: 230504-jrartacf8x
  • MD5: 53fbce78f80838f397e3ceb60cbe9f13
  • SHA1: a01e83220a4108df5919ae24f72bfe1f1e60fec6
  • SHA256: f5fd03761de3f97fa947a41600ce439f3a3ceb319fe310c38812a722a2b30ba5
  • SHA512: ea0b023a0b244bef57854ece6f5918a56c18123b60116607af52913ae028adb66878a1b6316cde291eb5484d76119b94660be05d345fd5c2707b9d3360e90dc9
  • SSDEEP: 12288:uMrMy90IPcJNEtklr4Hah8Ffmaanw84o+2+wLY1l3C+Tyh:SyxWy6hgufw84BdwLuly+Tyh

Malware Config

Extracted

  • Family: redline
  • Botnet: daris
  • C2: 217.196.96.56:4138
  • Attributes
    • auth_value: 3491f24ae0250969cd45ce4b3fe77549

Targets


    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
