
General

  • Target

    596fcd896cd32838c94315ac0116f7bee104e98a3adf65cb4b741ddfac74d458

  • Size

    875KB

  • Sample

    230524-qygx2acg35

  • MD5

    63ddb67ad363faf3396f502ac48fd53b

  • SHA1

    76c3d878cf033c6ab6b99c67961521924bc9ffc2

  • SHA256

    596fcd896cd32838c94315ac0116f7bee104e98a3adf65cb4b741ddfac74d458

  • SHA512

    9eb22e6cf4c0f18e6167b98d5ef317ba41b00abeab3347f7235fc0b4f319a45a0c35292cf758f8ef15824fba964721b65e02428755e6b951ba7ae786c0a95f4a

  • SSDEEP

    24576:RyouBg05worjeV5GUkDnJisD5eMh2s7Q:EZBg05jifcJikBhn

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.122:19062

Attributes
  • auth_value

    0d09b419c8bc967f91c68be4a17e92ee

Extracted

Family

redline

Botnet

mesu

C2

83.97.73.122:19062

Attributes
  • auth_value

    8ede6a157d1d9509a21427d10e999ba2
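
Both extracted configurations point at the same C2 socket and differ only in botnet tag and auth_value, so the network indicator to act on is one IP:port pair. The following added example (not part of the tria.ge report or of any tool it describes) takes the values from the Malware Config section above, consolidates them by C2 socket, emits a Suricata rule per socket, and matches the result against a few constructed flow records; the flow lines, the record format and the sid range are assumptions made for the example.

```python
"""Consolidate extracted RedLine configs into network IOCs and detection logic."""
import ipaddress
from collections import defaultdict

# Values copied from the "Malware Config" section of this report.
EXTRACTED_CONFIGS = [
    {"family": "redline", "botnet": "diza", "c2": "83.97.73.122:19062",
     "auth_value": "0d09b419c8bc967f91c68be4a17e92ee"},
    {"family": "redline", "botnet": "mesu", "c2": "83.97.73.122:19062",
     "auth_value": "8ede6a157d1d9509a21427d10e999ba2"},
]


def parse_c2(c2):
    """Split 'ip:port' and validate both parts; raises ValueError on junk."""
    host, _, port = c2.rpartition(":")
    ipaddress.ip_address(host)          # literal IPs only; hostnames need DNS pivoting instead
    port_n = int(port)
    if not 0 < port_n < 65536:
        raise ValueError(f"bad port in C2 {c2!r}")
    return host, port_n


def consolidate(configs):
    """Group configs by C2 socket -> {(ip, port): [botnet, ...]} so shared infra is seen once."""
    by_c2 = defaultdict(list)
    for cfg in configs:
        by_c2[parse_c2(cfg["c2"])].append(cfg["botnet"])
    return dict(by_c2)


def suricata_rules(by_c2, base_sid=9000001):
    """One alert rule per C2 socket; base_sid is an arbitrary local-rule range (assumption)."""
    rules = []
    for i, ((ip, port), botnets) in enumerate(sorted(by_c2.items())):
        msg = f"RedLine Stealer C2 ({'/'.join(sorted(botnets))})"
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"{msg}"; flow:to_server; sid:{base_sid + i}; rev:1;)'
        )
    return rules


def match_flows(by_c2, flow_lines):
    """Return (src, dst, dport) for flow records whose destination is a known C2 socket.

    Record format (constructed for this example): 'src_ip src_port dst_ip dst_port'.
    Port is part of the key, so traffic to the same IP on another port is not flagged.
    """
    hits = []
    for line in flow_lines:
        src, _sport, dst, dport = line.split()
        if (dst, int(dport)) in by_c2:
            hits.append((src, dst, int(dport)))
    return hits


# Constructed flow records, not taken from the report.
SAMPLE_FLOWS = [
    "10.0.0.5 51322 83.97.73.122 19062",   # matches the extracted C2 socket
    "10.0.0.5 51323 93.184.216.34 443",    # unrelated
    "10.0.0.9 49152 83.97.73.122 80",      # same IP, different port: not the C2 socket
]

if __name__ == "__main__":
    c2s = consolidate(EXTRACTED_CONFIGS)
    for rule in suricata_rules(c2s):
        print(rule)
    print(match_flows(c2s, SAMPLE_FLOWS))
```

The auth_value is carried through untouched; it is useful for pivoting between reports that share a config but it is not a network indicator, so it stays out of the rules.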

Targets

    • Target

      596fcd896cd32838c94315ac0116f7bee104e98a3adf65cb4b741ddfac74d458

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, session cookies and autofill entries.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext
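
Two of the signatures above leave registry artefacts a responder can check on a suspect host: the Run key added for persistence and the Windows Defender real-time protection settings. The following added example (not part of the tria.ge report or of the analysed sample) parses a Windows .reg export and flags Run entries that launch from Temp or Users\Public plus Defender policy values set to 1; the export text is constructed for the example, and the choice of which directories count as suspicious is an assumption, not something the report states.

```python
"""Triage a .reg export for Run-key persistence and Defender real-time protection tampering."""
import re

# Registry locations the signatures above refer to.
RUN_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)
DEFENDER_RTP = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
DEFENDER_DISABLE_VALUES = {
    "DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
    "DisableIOAVProtection", "DisableOnAccessProtection",
}
# Directories treated as suspicious launch locations (assumption for this example).
SUSPICIOUS_DIR = re.compile(r"\\(Temp|Users\\Public)\\", re.I)


def parse_reg_export(text):
    """Parse a .reg export into {key: {value_name: raw_data}}; handles string and dword values."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current and "=" in line and line.startswith(('"', "@")):
            name, _, data = line.partition("=")
            name = "(Default)" if name == "@" else name.strip('"')
            keys[current][name] = data
    return keys


def decode_dword(data):
    """'dword:00000001' -> 1; None for anything that is not a dword."""
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", data)
    return int(m.group(1), 16) if m else None


def triage_registry(reg):
    """Return (finding_type, key, value_name, data) tuples for the artefacts of interest."""
    findings = []
    for key in RUN_KEYS:
        for name, data in reg.get(key, {}).items():
            # .reg strings are quoted and backslash-escaped; undo that before matching the path.
            path = data.strip('"').replace("\\\\", "\\")
            if SUSPICIOUS_DIR.search(path):
                findings.append(("run_key_temp_or_public", key, name, path))
    rtp = reg.get(DEFENDER_RTP, {})
    for name in sorted(DEFENDER_DISABLE_VALUES.intersection(rtp)):
        if decode_dword(rtp[name]) == 1:
            findings.append(("defender_rtp_disabled", DEFENDER_RTP, name, rtp[name]))
    return findings


# Constructed export: one legitimate Run entry, one dropper-style entry, one Defender tamper.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"updater"="C:\\Users\\alice\\AppData\\Local\\Temp\\svchost32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001
"DisableBehaviorMonitoring"=dword:00000000
"""

if __name__ == "__main__":
    for finding in triage_registry(parse_reg_export(SAMPLE_REG)):
        print(finding)
```

The OneDrive entry also lives under AppData, which is why the check keys on Temp and Users\Public rather than on any user-writable directory; broaden the pattern only with an allow-list for known installers, or the output fills with legitimate autostarts.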
