General

  • Target: 17a6a82d95ec43974e9b840938ea700b732a129db37262d2c76ad73a91f2d954
  • Size: 479KB
  • Sample: 230506-x3vs1scf2y
  • MD5: 64ac2455e4fa49b3f50a0762de141494
  • SHA1: 39b9bdc6ad4b6bed645dc52d6a582c6a7b3c8a88
  • SHA256: 17a6a82d95ec43974e9b840938ea700b732a129db37262d2c76ad73a91f2d954
  • SHA512: c3ebd93559154f219f491d21841e0a3fd942fa1553bb7e79a2678d1381c2abe2062ab37f7df3c3b944a96d9f6b19a22924511baaf64432d265c20c03b9d4b623
  • SSDEEP: 12288:CMriy90ECObWm4b5c1u31lTwyS/ZLWngbaJ34wc/Jb:8yovmSXvT9S/RW1A/t

Malware Config

Extracted

  • Family: redline
  • Botnet: dariy
  • C2: 217.196.96.101:4132
  • Attributes
    • auth_value: 2f34aa0d1cb1023a826825b68ebedcc8

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
