General

  • Target

    notifier578.exe

  • Size

    1.0MB

  • Sample

    230522-hekwksee82

  • MD5

    ef68b88498ccb6e7b5793a8b17176c9b

  • SHA1

    d37a8e99da8adbdcee4baf23f83636deae2c6328

  • SHA256

    8438cd37a6e0aec36c84b4d18ce8005fe856f7b3ebd26d2de58610eab1418a14

  • SHA512

    2d3f62baf691b276609e148d3a166bf1ab2772822583348dbd4fe7f6127507b691777282c1173a9eaeb42d49536f7ac36a31c4df6ab1e5030050a5530e8735c6

  • SSDEEP

    24576:qyopOyTwkYuzrX5qjxUTxqmjzv2U8DEVOJ0AyS6rJPnfaRaP7Kxz4:xoYyTwh2rX5qjxUDjzeDEsD6rJPnfoKk

Malware Config

Extracted

  • Family

    redline

  • Botnet

    mixa

  • C2

    185.161.248.37:4138

  • Attributes

    auth_value: 9d14534b25ac495ab25b59800acf3bb2

Targets

    • Target

      notifier578.exe

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6