General

  • Target

    tmp

  • Size

    1.0MB

  • Sample

    230522-t1nedacb5v

  • MD5

    500a900209bf79593eebdc631a4782d6

  • SHA1

    2402b7ee33b390cfb3ad60ad7c26e845c728a6f4

  • SHA256

    c6547bf7e74c415432f5f3b3d723fe175c984b29c4768bec2943f9ae6369e264

  • SHA512

    b3de64a1e82e3ba8c2d4487b7dd9c29f9633ea88b9fdc3fdc8e4a6b49b1d352111b90fee4c357b99ff0063926a2273d08beb4df2cc2f629bad6492efc650f3eb

  • SSDEEP

    24576:oyeMNZsOQLkfIDCP53TlzvCpMWWby8KpKcTDYG81ORBYxBWkN:vJZsOQYfIDKepVe9KphYPOr6gk

Malware Config

Extracted

Family

redline

Botnet

mix

C2

77.91.124.251:19065

Attributes

  • auth_value

    5034ed53489733b1fbaf2777113a7d90

Targets

    • Target

      tmp

    • Size

      1.0MB

    • MD5

      500a900209bf79593eebdc631a4782d6

    • SHA1

      2402b7ee33b390cfb3ad60ad7c26e845c728a6f4

    • SHA256

      c6547bf7e74c415432f5f3b3d723fe175c984b29c4768bec2943f9ae6369e264

    • SHA512

      b3de64a1e82e3ba8c2d4487b7dd9c29f9633ea88b9fdc3fdc8e4a6b49b1d352111b90fee4c357b99ff0063926a2273d08beb4df2cc2f629bad6492efc650f3eb

    • SSDEEP

      24576:oyeMNZsOQLkfIDCP53TlzvCpMWWby8KpKcTDYG81ORBYxBWkN:vJZsOQYfIDKepVe9KphYPOr6gk

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks