
General

  • Target

    67e2ed7bf15aa61396794bc48623e14f4f69401b8bf4f9ed9e1fff7d10019920

  • Size

    1.1MB

  • Sample

    230513-jcv47sfg49

  • MD5

    57098189c9ac0035b8d01948654fd88e

  • SHA1

    c13d0ac4885280f8de54bd6ffaa9c276cd1a9d92

  • SHA256

    67e2ed7bf15aa61396794bc48623e14f4f69401b8bf4f9ed9e1fff7d10019920

  • SHA512

    8b1e68c065dfa3dc5cc8990c9bfe4642c870fe7aa4477de5e66f586f6b51163d12cccacc8edc9325534a1d8f274c82633ca232a035cde08971c844c49543fd9e

  • SSDEEP

    24576:vyCJKUY/fRnhGN9+EPM8K9RyLtKhjSpK/7Od/8hzjAkCxkxp:6n3BhGn+gM19RyJKh8pWVx

Malware Config

Extracted

  • Family

    redline

  • Botnet

    doma

  • C2

    185.161.248.75:4132

  • Attributes

    auth_value: 8be53af7f78567706928d0abef953ef4

Extracted

  • Family

    redline

  • Botnet

    joana

  • C2

    185.161.248.75:4132

  • Attributes

    auth_value: 85090ed112d639bb782481da2912487a

Targets

    • Target

      67e2ed7bf15aa61396794bc48623e14f4f69401b8bf4f9ed9e1fff7d10019920

    • Size

      1.1MB

    • MD5

      57098189c9ac0035b8d01948654fd88e

    • SHA1

      c13d0ac4885280f8de54bd6ffaa9c276cd1a9d92

    • SHA256

      67e2ed7bf15aa61396794bc48623e14f4f69401b8bf4f9ed9e1fff7d10019920

    • SHA512

      8b1e68c065dfa3dc5cc8990c9bfe4642c870fe7aa4477de5e66f586f6b51163d12cccacc8edc9325534a1d8f274c82633ca232a035cde08971c844c49543fd9e

    • SSDEEP

      24576:vyCJKUY/fRnhGN9+EPM8K9RyLtKhjSpK/7Od/8hzjAkCxkxp:6n3BhGn+gM19RyJKh8pWVx

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks