General

  • Target

    9868b6a11afc49356e749ceaf6de33dcded017f03f2210511f33dcd6f721a5af

  • Size

    874KB

  • Sample

    230512-cbrxtsbc68

  • MD5

    d1c2ee10d86d4b6d0c198daf4289c051

  • SHA1

    1f17d5f838b89aa47726bb728c4d7d05acaef2eb

  • SHA256

    9868b6a11afc49356e749ceaf6de33dcded017f03f2210511f33dcd6f721a5af

  • SHA512

    177fdcd677cc2874b16b478921d5a989ee03100b42dbc4c64c6d126d93068fcbb602a2cc6cf99b8b9771cb6829eff34c9a9b112206f1e9bd827bdedaea9c43b1

  • SSDEEP

    12288:tMrey90oYNSeV45mWiNshTH8uiRbF2QAVZkdn8ZoOXlOs1tmO4XcR6hsStQa:byGSEXNgH8DRR2QAVZkd8ZDEUsOMQ70

Malware Config

Extracted

  • Family: redline
  • Botnet: dimas
  • C2: 185.161.248.75:4132
  • Attributes
      • auth_value: a5db9b1c53c704e612bccc93ccdb5539

Extracted

  • Family: redline
  • Botnet: roza
  • C2: 185.161.248.75:4132
  • Attributes
      • auth_value: 3e701c8c522386806a8f1f40a90873a7

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar profile data.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks