General

  • Target

    88c1ee32fb16e295b2e845bd8dd51b93.bin

  • Size

    1.1MB

  • Sample

    230516-bxbx3aba28

  • MD5

    b5b37688e94fc231cb76947f04da385e

  • SHA1

    db926609027fd6417504c19f263259a9f0a22afd

  • SHA256

    d3c578d67f4b321043fb94c00706cce0db0b5fd3917e725313f3db609aa092e9

  • SHA512

    0d2d809d8542c1296c8281a244999e304bd1f24b85f31fbeb779a98d7b0dcddcd7a7349d3d0f424a3fc56e5b0281aafa6ae7483923829a1a4cbf978a165b463c

  • SSDEEP

    24576:KLu8AKSdR8K8AZLz25WlpGjt1wtqjPaIdNAiHX1TnGExwyaG:KLPAK8OKFVzJpEIEpN331oyf

Malware Config

Extracted

Family

redline

Botnet

mufta

C2

185.161.248.75:4132

Attributes

  • auth_value

    171bdaad6dbf652c48d4e9334c756dfa

Extracted

Family

redline

Botnet

fuga

C2

185.161.248.75:4132

Attributes

  • auth_value

    7c5144ad645deb9fa21680fdaee0d51f

Targets

    • Target

      fecf856b99edb62d300108f908c3fd958e74291ab84f9f3114caaaf9de229680.exe

    • Size

      1.1MB

    • MD5

      88c1ee32fb16e295b2e845bd8dd51b93

    • SHA1

      6be47a42849f15f565da66dfa097f6b5265f5075

    • SHA256

      fecf856b99edb62d300108f908c3fd958e74291ab84f9f3114caaaf9de229680

    • SHA512

      577ba596c746d173c7a6718e3af8c9c166a28813cbbb73abecc370bb54ff73edfe99c25f432182b037df90c393eade4577c3f8a86c8b15e2a26bb5677fcf443e

    • SSDEEP

      24576:+yABLYhtlEtECOl426WoU44ZkiyW0RHWNBc2DX3MI:NAurlEtEe8xy2o

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
