General

  • Target

    9197ac690941a3e091585557a233b85f593bfec76cc539ef027c406264a94e27

  • Size

    479KB

  • Sample

    230506-wkn23scd2w

  • MD5

    bca67fa198b3f33a2d74e0cde3957eb1

  • SHA1

    8d9ab9f3da814666d4765379f8cd2d77442b7382

  • SHA256

    9197ac690941a3e091585557a233b85f593bfec76cc539ef027c406264a94e27

  • SHA512

    c6a59766101838bb8f067b8e8a064320370f44fa978747ed0433f4c1965034878e453491d47b984fa6e7711da100cce702cfa4135c19dfecbce5966f93b04ce3

  • SSDEEP

    6144:KKy+bnr+Up0yN90QE3Pn1TNfAewsatZ9bwfJTKQnPyRnYNKps5DEvQhhneGh2/kV:mMrQy90hPnVZWaB5nQYNKps2vcsmbv

Malware Config

Extracted

Family

redline

Botnet

dariy

C2

217.196.96.101:4132

Attributes
  • auth_value

    2f34aa0d1cb1023a826825b68ebedcc8

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check (the sample may refuse to run in certain countries).

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers routinely read stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
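The behaviour signatures above, together with the C2 from the extracted config, can be turned into a small triage rule set. The following is an added example and is not code from tria.ge or from the report: it parses a constructed, tab-separated sandbox-style trace (made up here, mimicking the report's signatures), maps each event to the report's signature names, and scores each process image. The C2 address is copied from the report; the registry locations (Run key, Defender Real-Time Protection policy key, Geo\Nation, Uninstall key) are standard Windows paths assumed for the example, not values taken from this sample.

```python
"""Triage a constructed sandbox-style trace against the RedLine behaviours
and C2 listed in the report above. Added example, not tria.ge code."""
from collections import defaultdict

# Network IOC copied from the report's extracted config: (ip, port).
REDLINE_C2 = {("217.196.96.101", 4132)}

# Registry locations behind the report's behaviour signatures. These are
# standard Windows paths assumed for the example, not values from the sample.
RUN_KEY = "\\Microsoft\\Windows\\CurrentVersion\\Run\\"
DEFENDER_RTP_KEY = "\\Microsoft\\Windows Defender\\Real-Time Protection\\"
GEO_NATION = "\\Control Panel\\International\\Geo\\Nation"
UNINSTALL_KEY = "\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\"

# Constructed trace (tab-separated: kind, op, image, target, detail).
# Made up for this example; the svchost.exe lines are benign noise.
SAMPLE_TRACE = """\
REG\tQueryValue\tC:\\Users\\u\\Desktop\\sample.exe\tHKCU\\Control Panel\\International\\Geo\\Nation\t244
REG\tEnumKey\tC:\\Users\\u\\Desktop\\sample.exe\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\t
REG\tSetValue\tC:\\Users\\u\\AppData\\Local\\Temp\\drop.exe\tHKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring\tDWORD (0x00000001)
REG\tSetValue\tC:\\Users\\u\\AppData\\Local\\Temp\\drop.exe\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater\tC:\\Users\\u\\AppData\\Roaming\\updater.exe
NET\tconnect\tC:\\Users\\u\\AppData\\Local\\Temp\\drop.exe\t217.196.96.101\t4132
NET\tconnect\tC:\\Windows\\System32\\svchost.exe\t23.0.0.1\t443
REG\tSetValue\tC:\\Windows\\System32\\svchost.exe\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\SecurityHealth\tC:\\Program Files\\Windows Defender\\MSASCuiL.exe
"""


def parse_trace(text):
    """Yield one dict per non-empty line of the tab-separated trace format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, op, image, target, detail = (line.split("\t") + [""] * 5)[:5]
        yield {"kind": kind, "op": op, "image": image,
               "target": target, "detail": detail}


def classify(ev):
    """Return the report signature names one event matches (may be empty)."""
    tags = []
    t, op = ev["target"], ev["op"]
    if ev["kind"] == "REG":
        if op == "SetValue" and RUN_KEY in t:
            tags.append("Adds Run key to start application")
        # Only a write of 1 disables protection; a write of 0 re-enables it.
        if op == "SetValue" and DEFENDER_RTP_KEY in t \
                and ev["detail"] == "DWORD (0x00000001)":
            tags.append("Modifies Windows Defender Real-time Protection settings")
        if op == "QueryValue" and t.endswith(GEO_NATION):
            tags.append("Checks computer location settings")
        if op in ("QueryValue", "EnumKey") and UNINSTALL_KEY in t:
            tags.append("Checks installed software on the system")
    elif ev["kind"] == "NET" and (t, int(ev["detail"] or 0)) in REDLINE_C2:
        tags.append("RedLine C2 connection")
    return tags


def triage(text):
    """Group matched signatures per process image and assign a verdict.

    A C2 hit is conclusive on its own; registry behaviours are only
    suspicious in combination, since a single Run-key write or Uninstall
    enumeration is also routine for legitimate installers.
    """
    hits = defaultdict(set)
    for ev in parse_trace(text):
        for tag in classify(ev):
            hits[ev["image"]].add(tag)
    verdicts = {}
    for image, tags in hits.items():
        if "RedLine C2 connection" in tags:
            verdicts[image] = "malicious"
        elif len(tags) >= 2:
            verdicts[image] = "suspicious"
        else:
            verdicts[image] = "low"
    return {"hits": dict(hits), "verdicts": verdicts}


if __name__ == "__main__":
    for image, verdict in triage(SAMPLE_TRACE)["verdicts"].items():
        print(f"{verdict:10s} {image}")
```

Run as-is it flags drop.exe (Defender tampering, Run key persistence and the report's C2) as malicious, sample.exe (geofence lookup plus software enumeration) as suspicious, and the svchost.exe Run-key write as low, which is the ordering a detection engineer would want: the extracted C2 is the single highest-confidence indicator on this page, while the registry behaviours need corroboration.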
