Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    7a9fe7546c59b37b7f2f4b3d684d68cb91dfd7c64e08824ccbf9b92148846c50

  • Size

    1.1MB

  • Sample

    230515-zwqa3afh41

  • MD5

    b59d6aca9586a2de491c47f5311840e4

  • SHA1

    45cd2d7f9cd447b783e39489d9e852e6b31277dc

  • SHA256

    7a9fe7546c59b37b7f2f4b3d684d68cb91dfd7c64e08824ccbf9b92148846c50

  • SHA512

    1bda116ac7245489dada0378941fbafdfe4adbecc8e7eb04c3d6a02bfc7c3f907c9e3d9876ee72b698ee514784f95a379fe0de86a1c01694a45db62c3fe1f277

  • SSDEEP

    24576:Nya/pF9BUrcLarL3/Iq/SWK2qGuSu0biq+ku5t+qaA4lzOU+kWPIPgiA2:oYaQLG3/BI2qDelmtCOUJiIPQ

Malware Config

Extracted

Family

redline

Botnet

maza

C2

185.161.248.25:4132

Attributes
  • auth_value

    474d54c1c2f5291290c53f8378acd684

Extracted

Family

redline

Botnet

sister

C2

185.161.248.25:4132

Attributes
  • auth_value

    61021810f83e6d5e6ff303aaac03c0e1

Targets

    • Target

      7a9fe7546c59b37b7f2f4b3d684d68cb91dfd7c64e08824ccbf9b92148846c50

    • Size

      1.1MB

    • MD5

      b59d6aca9586a2de491c47f5311840e4

    • SHA1

      45cd2d7f9cd447b783e39489d9e852e6b31277dc

    • SHA256

      7a9fe7546c59b37b7f2f4b3d684d68cb91dfd7c64e08824ccbf9b92148846c50

    • SHA512

      1bda116ac7245489dada0378941fbafdfe4adbecc8e7eb04c3d6a02bfc7c3f907c9e3d9876ee72b698ee514784f95a379fe0de86a1c01694a45db62c3fe1f277

    • SSDEEP

      24576:Nya/pF9BUrcLarL3/Iq/SWK2qGuSu0biq+ku5t+qaA4lzOU+kWPIPgiA2:oYaQLG3/BI2qDelmtCOUJiIPQ

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks