General

  • Target

    68682c81c44e6031254784a1e22ab6ba20293e8204a96509b53b5a220aac786b

  • Size

    1.1MB

  • Sample

    230515-jes3mahf6t

  • MD5

    56da1ad86ab8c98a269779c41ec57368

  • SHA1

    5f3d4535b2e4841d752f63137c76a19f4b4944f4

  • SHA256

    68682c81c44e6031254784a1e22ab6ba20293e8204a96509b53b5a220aac786b

  • SHA512

    5b592ae72bf563944d9fe5f85f902b85891f08c9864e8b2008c5c1985284b8e9298fb5ec67214f74178fd8ecb32958834c5cc748df94ff00b84eb412d8ab93c0

  • SSDEEP

    24576:Iyr0k8eBc7MchNURdyc6+PQAR+Uapyg2BFVHePCNvKel:PH8/7M4mRn6+4AR+U3XFVHePsv

Malware Config

Extracted

  • Family

    redline

  • Botnet

    muza

  • C2

    185.161.248.75:4132

  • Attributes

    auth_value: 99f39e1ac98e0c0a729ab27594e72bc3

Extracted

  • Family

    redline

  • Botnet

    horor

  • C2

    185.161.248.75:4132

  • Attributes

    auth_value: b8d506fe48db15c38fb031d07f42d529

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar profile data.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext