General

  • Target

    8aaa8a463b18e95a8ca0d3979da64af9de8e663564ca069ff6e5ff544c58ce20

  • Size

    916KB

  • Sample

    230524-a15twaab33

  • MD5

    4ab0a8e10b4ce44f8b89c01d1b603338

  • SHA1

    be65e9c790a38054af5514b831c16d655226b739

  • SHA256

    8aaa8a463b18e95a8ca0d3979da64af9de8e663564ca069ff6e5ff544c58ce20

  • SHA512

    64a75c28a57ad0123712b16c5e653bc46bd8ae0352e446a9b72463f7b322b00996744d8d90b2eaedaf53134aa0f7e25ed3b11c80241a67bb84438e1826e2bb9b

  • SSDEEP

    24576:MyhBQG890qGNIWF1qxg88Yk+4SJaVKoDO97B2:7hBZ890CWl88YkhqaQo8

Malware Config

Extracted

Family

redline

Botnet

maxi

C2

83.97.73.122:19062

Attributes

  • auth_value

    6a3f22e5f4209b056a3fd330dc71956a

Targets

    • Target

      8aaa8a463b18e95a8ca0d3979da64af9de8e663564ca069ff6e5ff544c58ce20

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and form data.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Suspicious use of SetThreadContext
