General

  • Target

    f56a267bcff6f4042bc3533f844a9a94a6fb2a1b1f8002b491b4c79eeb462a83

  • Size

    991KB

  • Sample

    230524-ly65psce2y

  • MD5

    eb77e77100114998d678375c26dbeb0f

  • SHA1

    724311124b2573d988bfc35557c86b11db7c9aed

  • SHA256

    f56a267bcff6f4042bc3533f844a9a94a6fb2a1b1f8002b491b4c79eeb462a83

  • SHA512

    2ed03a57d78857ee41eda2a96a2d732e51877e1a48cda6ce28ff29825fcdd96fac7cc774fbe16b413c3f32e248651c4974cdf155226f5e2b25cb3e621a1fbde9

  • SSDEEP

    24576:pyRAwkyxc75H6BNRsefiB1YgriHiGvLoNpMO:cRAryxc71ofK1YgriH6

Malware Config

Extracted

Family

redline

Botnet

lupa

C2

83.97.73.122:19062

Attributes

  • auth_value

    6a764aa41830c77712442516d143bc9c

Extracted

Family

redline

Botnet

mesu

C2

83.97.73.122:19062

Attributes

  • auth_value

    8ede6a157d1d9509a21427d10e999ba2

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Suspicious use of SetThreadContext