Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    94ea40e4cc4298ec08fda6845a3d66b314319369dd27070a475e214845906c01.bin

  • Size

    875KB

  • Sample

    230511-w9xerahf24

  • MD5

    1f060c2b8b90496ce9e40f3d97b39da9

  • SHA1

    f2a10dd0d743b4d7e503e16ccb690bb568454b82

  • SHA256

    94ea40e4cc4298ec08fda6845a3d66b314319369dd27070a475e214845906c01

  • SHA512

    128f62b211609695e11a338f8c165c956410afda012bec01c76def8b91515cad85505c41f96a25a1d631920d9e1db45639cf74a1e5df4a0ff2c8f29121d7134b

  • SSDEEP

    24576:Zyw+o2+3snRmsSDY4Cgh6sCWylRFvfXl1BB:MZSKihtcrJXlz

Malware Config

Extracted

Family

redline

Botnet

mixer

C2

185.161.248.75:4132

Attributes
  • auth_value

    3668eba4f0cb1021a9e9ed55e76ed85e

Extracted

Family

redline

Botnet

roza

C2

185.161.248.75:4132

Attributes
  • auth_value

    3e701c8c522386806a8f1f40a90873a7

Targets

    • Target

      94ea40e4cc4298ec08fda6845a3d66b314319369dd27070a475e214845906c01.bin

    • Size

      875KB

    • MD5

      1f060c2b8b90496ce9e40f3d97b39da9

    • SHA1

      f2a10dd0d743b4d7e503e16ccb690bb568454b82

    • SHA256

      94ea40e4cc4298ec08fda6845a3d66b314319369dd27070a475e214845906c01

    • SHA512

      128f62b211609695e11a338f8c165c956410afda012bec01c76def8b91515cad85505c41f96a25a1d631920d9e1db45639cf74a1e5df4a0ff2c8f29121d7134b

    • SSDEEP

      24576:Zyw+o2+3snRmsSDY4Cgh6sCWylRFvfXl1BB:MZSKihtcrJXlz

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks