General

  • Target

    84c5862f16628c85a4618e5b8deea0f7dde70498589803e9bfaf9c35cd7c8d47

  • Size

    982KB

  • Sample

    230525-byltnaff73

  • MD5

    e0d1dce047e5d786a0c3b1792e0c132c

  • SHA1

    871efdab8717cb6ff59bdd82804731b96d113965

  • SHA256

    84c5862f16628c85a4618e5b8deea0f7dde70498589803e9bfaf9c35cd7c8d47

  • SHA512

    5a216282331f45e314ec3bc16152e8a78c3251428d47f406c28157af4f0c2bdd1385b63299b39950d9d59f40e592ec9045538a916d4930982e9a1796ed38c297

  • SSDEEP

    24576:ry9MbiznEd/93kFrDlxVbjTAkBhydMAtuLFDkfJ2/5:e9g0+/JkFrDHVrAahqdEt9

Malware Config

Extracted

Family

redline

Botnet

maxi

C2

83.97.73.122:19062

Attributes

  • auth_value

    6a3f22e5f4209b056a3fd330dc71956a

Extracted

Family

redline

Botnet

haval

C2

83.97.73.122:19062

Attributes

  • auth_value

    d23dec6813deb04eb8abd82657a9b0af

Targets

    • Target

      84c5862f16628c85a4618e5b8deea0f7dde70498589803e9bfaf9c35cd7c8d47

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks