General

  • Target

    8dc4d6738d677e20a153374a8ec1ec50c6f0608f40863af190e2992332a80c6c

  • Size

    917KB

  • Sample

    230524-b8p9tsac92

  • MD5

    69fe1907a96be93010cb17789ed64e5a

  • SHA1

    d22fdcebef916fb3a7f044671b01539ea1ea42eb

  • SHA256

    8dc4d6738d677e20a153374a8ec1ec50c6f0608f40863af190e2992332a80c6c

  • SHA512

    c807c3d64c083b5d3c8cf46bac9fd4ac37d8edaecd92d551c3136a55017ab646b93917118cefe36505648a7881f966fd72cc7a86f52ee3e7071b19e9fe3516c7

  • SSDEEP

    24576:4yq1bXLaXhPOF7cfzx/K4IdWqU6yX3dg3DM:/q9XGW9wzEXdU624D

Malware Config

Extracted

Family

redline

Botnet

maxi

C2

83.97.73.122:19062

Attributes

  • auth_value

    6a3f22e5f4209b056a3fd330dc71956a

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks