General

  • Target

    e67313cba3a83416503c6f073acb35d56e8f17f55f3c0118d89f8e167ed02c81

  • Size

    767KB

  • Sample

    230525-158z7sdc7t

  • MD5

    914cb5cdd7b966d2c49b0b4e2a64fe22

  • SHA1

    e4b9ffc772d4c8c3e4a6e8135d1aafc7816e0cba

  • SHA256

    e67313cba3a83416503c6f073acb35d56e8f17f55f3c0118d89f8e167ed02c81

  • SHA512

    acc0f82d4d8b6de95444ff6fe82957fbb05ddac5c4f64825fd224ebd0d6dfd578619d68f2314843939991bfa74cd1f481d03dde276256f21eaa902fa10e93431

  • SSDEEP

    12288:2Mr3y90gcHukaOYbDxBeC9CepJ5OjjEmqqBijHvGkBrhnM8tIW+MEU8pxb:Ry+HukaOYxBezwxmqqBwukdhM81+e8pF

Malware Config

Extracted

Family

redline

Botnet

dina

C2

83.97.73.122:19062

Attributes
  • auth_value

    4f77073adc624269de1bff760b9bc471

Extracted

Family

redline

Botnet

greg

C2

83.97.73.122:19062

Attributes
  • auth_value

    4c966a90781c6b4ab7f512d018696362

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks