Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    519850fddd2741313995a32945a4381e52c045b393796b65a97b0558de2d80cf

  • Size

    478KB

  • Sample

    230509-dtxfpsfh7y

  • MD5

    74bd62a42148bf60224d73bc16f75b3f

  • SHA1

    5a276efb3826f7aa432bdf0d3444237dddd2c663

  • SHA256

    519850fddd2741313995a32945a4381e52c045b393796b65a97b0558de2d80cf

  • SHA512

    cf08c1635c359ce51e32903bb607f4b6c6d0d013dcd722e7020c1073216b3b4d5a1e743f7b8efb46682af660ddaaa5b49160c90f96db7d29a75cbbbec6921aa5

  • SSDEEP

    12288:jMrUy90MZz13w5c0WR2QKTONOgDUT+j7MTMbEvZJrnQdkwV:nyhZz13K4bMOckB7rEB1QSwV

Malware Config

Extracted

Family

redline

Botnet

dumud

C2

217.196.96.101:4132

Attributes
  • auth_value

    3e18d4b90418aa3e78d8822e87c62f5c

Targets

    • Target

      519850fddd2741313995a32945a4381e52c045b393796b65a97b0558de2d80cf

    • Size

      478KB

    • MD5

      74bd62a42148bf60224d73bc16f75b3f

    • SHA1

      5a276efb3826f7aa432bdf0d3444237dddd2c663

    • SHA256

      519850fddd2741313995a32945a4381e52c045b393796b65a97b0558de2d80cf

    • SHA512

      cf08c1635c359ce51e32903bb607f4b6c6d0d013dcd722e7020c1073216b3b4d5a1e743f7b8efb46682af660ddaaa5b49160c90f96db7d29a75cbbbec6921aa5

    • SSDEEP

      12288:jMrUy90MZz13w5c0WR2QKTONOgDUT+j7MTMbEvZJrnQdkwV:nyhZz13K4bMOckB7rEB1QSwV

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks