General

  • Target

    e8dc9bb8a687a0a322b422159bd3a1441a463204b802c0a8586624219fd53a94

  • Size

    1022KB

  • Sample

    230521-vn8p8abd28

  • MD5

    30a8554c041a232b985b9b5ac0fca14a

  • SHA1

    fc18a4375574f21c479c7c6114b0b26041c0fa5f

  • SHA256

    e8dc9bb8a687a0a322b422159bd3a1441a463204b802c0a8586624219fd53a94

  • SHA512

    ce593396e8a4f63964f9ba76c92044d5f4ffa0b68c86a5d9427743ca968d99b96eb4ed94badc6b8b296738234fb82c897d9cdfafe6a08dce5fbc977e50805524

  • SSDEEP

    24576:OyJIZqTgVaHG2Qq5/06fHk9oeHqzXEVUZsASPNn:dJIMTRHG2Qq5/0CHI/HqLEVOsA

Malware Config

Extracted

Family

redline

Botnet

mixa

C2

185.161.248.37:4138

Attributes

  • auth_value

    9d14534b25ac495ab25b59800acf3bb2

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks