General

  • Target

    c30b4fb833c6e6c5cc0307e82746de060e08980c10d9113fbcf16324ed43841f.exe

  • Size

    1.1MB

  • Sample

    230514-w6nnfacg66

  • MD5

    c2d2c2abfa0804f6f007301b70a04340

  • SHA1

    4b0ccb4a94a42861cf511fe91d930b2064b40dcf

  • SHA256

    c30b4fb833c6e6c5cc0307e82746de060e08980c10d9113fbcf16324ed43841f

  • SHA512

    e645497abcff50452d7d3f9650a2a373619e929ac8579273b598c0f1022736f2d3e418ee213c151930f6ee8fda82952ced990142a99e836b763ef48458f1d596

  • SSDEEP

    24576:myHsfkwIO9IOmD9IlEokBl3SirSAykdEpfKhcVQmMytMpEKcYsnGVw5:1HsMjO9IO2yEokD3VuAuJKhetMpvvV

Malware Config

Extracted

Family

redline

Botnet

miran

C2

185.161.248.75:4132

Attributes

  • auth_value

    f1084732cb99b2cbe314a2a565371e6c

Extracted

Family

redline

Botnet

raven

C2

185.161.248.75:4132

Attributes

  • auth_value

    8b22c01d6173ecee1376933bc63c6028

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar data.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks