Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

4b66072042...ef.exe

windows7-x64

10

4b66072042...ef.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4b660720425301f5e1dadb3385a549e7d63288a4076e2613359fee3755a9c0ef.bin

  • Size

    769KB

  • Sample

    230511-w8nq8abf4v

  • MD5

    edc9b44dceb51beecf76b2501ba22a36

  • SHA1

    cc1cae1fd8f2ce27493de6e513f24c101c05c5e8

  • SHA256

    4b660720425301f5e1dadb3385a549e7d63288a4076e2613359fee3755a9c0ef

  • SHA512

    48a8b49a0f0367d15f72e77c3a2de20e3666bd9072f84f48c64deea9dd456e2a649c64b9e3843e43cf66059fd98dd5fe763532728e9833af9af34e225b23752b

  • SSDEEP

    12288:5Mrsy90HtXurxUAa6vMg2dt3ttEk6pl5pJ4lGu0xX63msjm0O10N:1ySuOu7CEt3pJyGPnsjzOaN

Score
10/10
redlinemixadiscoveryevasioninfostealerpersistencespywarestealertrojan

Malware Config

Extracted

Family

redline

Botnet

mixa

C2

185.161.248.75:4132

Attributes
  • auth_value

    9d14534b25ac495ab25b59800acf3bb2

Targets

    • Target

      4b660720425301f5e1dadb3385a549e7d63288a4076e2613359fee3755a9c0ef.bin

    • Size

      769KB

    • MD5

      edc9b44dceb51beecf76b2501ba22a36

    • SHA1

      cc1cae1fd8f2ce27493de6e513f24c101c05c5e8

    • SHA256

      4b660720425301f5e1dadb3385a549e7d63288a4076e2613359fee3755a9c0ef

    • SHA512

      48a8b49a0f0367d15f72e77c3a2de20e3666bd9072f84f48c64deea9dd456e2a649c64b9e3843e43cf66059fd98dd5fe763532728e9833af9af34e225b23752b

    • SSDEEP

      12288:5Mrsy90HtXurxUAa6vMg2dt3ttEk6pl5pJ4lGu0xX63msjm0O10N:1ySuOu7CEt3pJyGPnsjzOaN

    Score
    10/10
    redlinemixadiscoveryevasioninfostealerpersistencespywarestealertrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks