
General

  • Target

    81d3baa68d55bcf8183f0527bc9677b8e348f7724e4bb91d8311d8294f7411ff

  • Size

    1.1MB

  • Sample

    230515-wdrvdsgg27

  • MD5

    57457c22f7a5f148909b7c412512dcbf

  • SHA1

    f1c32d49b3124870c71067840671fae3bf6eb42d

  • SHA256

    81d3baa68d55bcf8183f0527bc9677b8e348f7724e4bb91d8311d8294f7411ff

  • SHA512

    946144a8f7487a1e29ee4a411947ed444b1940fde4668e82588db6dea6533bd86b6bc0d7c4a3fd76c50583366de48a545efe883c9ee48b87f73526db45428574

  • SSDEEP

    24576:JyGK4uOm4pLVras2ugYrAPoqYHKmzIzyy2X:814Xm45NF2RYHvHKmkO

Malware Config

Extracted

Family

redline

Botnet

laris

C2

185.161.248.25:4132

Attributes
  • auth_value

    8774964465c41ab67a0a17432b084e1e

Extracted

Family

redline

Botnet

naher

C2

185.161.248.25:4132

Attributes
  • auth_value

    91f06fcf80f600c56b2797e1c73d214d

Targets

    • Target

      81d3baa68d55bcf8183f0527bc9677b8e348f7724e4bb91d8311d8294f7411ff

    • Size

      1.1MB

    • MD5

      57457c22f7a5f148909b7c412512dcbf

    • SHA1

      f1c32d49b3124870c71067840671fae3bf6eb42d

    • SHA256

      81d3baa68d55bcf8183f0527bc9677b8e348f7724e4bb91d8311d8294f7411ff

    • SHA512

      946144a8f7487a1e29ee4a411947ed444b1940fde4668e82588db6dea6533bd86b6bc0d7c4a3fd76c50583366de48a545efe883c9ee48b87f73526db45428574

    • SSDEEP

      24576:JyGK4uOm4pLVras2ugYrAPoqYHKmzIzyy2X:814Xm45NF2RYHvHKmkO

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence so the sample does not run in excluded regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser profile data, which can include saved credentials, cookies, autofill entries and browsing history.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

      Setting the thread context of another process's thread is the hallmark of process hollowing and similar injection techniques, where a suspended thread's entry point is redirected to injected code.
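The signatures above are sandbox observations, not host artifacts. As an added host-triage example (not part of the Triage report and not the sample's own code), the following PowerShell checks a Windows host for the generic traces these behaviours leave behind: Run-key autostarts, Windows Defender real-time protection being disabled (via Get-MpPreference or the Real-Time Protection policy key), and live TCP connections to the C2 extracted from the configs above. The registry paths and Defender policy value names are standard Windows locations; the C2 address and port come from this report. The user-writable-path heuristic applied to Run entries is an assumption about where droppers commonly persist, not something the report states.

```powershell
# Added host-triage example; not from the Triage report and not the sample's code.
# Checks a Windows host for the generic artifacts the signatures above describe.

$C2Ip   = '185.161.248.25'   # from the extracted RedLine configs in this report
$C2Port = 4132

$findings = @()

# 1. "Adds Run key to start application": enumerate Run/RunOnce autostarts.
#    Flag entries pointing into user-writable paths (assumption: common dropper locations).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Skip the PSPath/PSParentPath/... metadata the provider adds
        if ($p.Name -match '^PS') { continue }
        if ($p.Value -match '\\(AppData|Temp|Users\\Public|ProgramData)\\') {
            $findings += "Run key entry in user-writable path: $key\$($p.Name) = $($p.Value)"
        }
    }
}

# 2. "Modifies Windows Defender Real-time Protection settings":
#    check the live preference and the policy key that overrides it.
if (Get-Command Get-MpPreference -ErrorAction SilentlyContinue) {
    $mp = Get-MpPreference -ErrorAction SilentlyContinue
    if ($mp -and $mp.DisableRealtimeMonitoring) {
        $findings += 'Defender real-time monitoring is disabled (Get-MpPreference)'
    }
}
$polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
if (Test-Path $polKey) {
    $pol = Get-ItemProperty -Path $polKey
    foreach ($name in 'DisableRealtimeMonitoring', 'DisableBehaviorMonitoring',
                      'DisableOnAccessProtection', 'DisableScanOnRealtimeEnable') {
        if ($pol.$name -eq 1) { $findings += "Defender policy $name = 1 under $polKey" }
    }
}

# 3. C2 from the extracted config: any established connection and which process owns it?
$conns = Get-NetTCPConnection -RemoteAddress $C2Ip -RemotePort $C2Port -ErrorAction SilentlyContinue
foreach ($c in $conns) {
    $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    $findings += "Connection to ${C2Ip}:${C2Port} from PID $($c.OwningProcess) ($($proc.ProcessName))"
}

if ($findings.Count -eq 0) { 'No findings' } else { $findings }
```

Run from an elevated prompt so HKLM and other users' connections are readable. The browser-data, installed-software and location checks listed above are read-only behaviours of the running sample and leave no registry artifact to look for; they are better caught by process-level telemetry (Sysmon registry and network events) than by after-the-fact host inspection.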
