General

  • Target

    61071812b3307184c0f04b053d367d477b98fec1d857c8f23f1502f0f43bd1a5

  • Size

    983KB

  • Sample

    230525-c7p34sgc5t

  • MD5

    9cc731cd92badaff73f62dcde7cfe76d

  • SHA1

    aebbfb76f20e49c2562c993d9adb7ae7eb82a82e

  • SHA256

    61071812b3307184c0f04b053d367d477b98fec1d857c8f23f1502f0f43bd1a5

  • SHA512

    5ec2c4d7bba9928b23b4f8a6c674c977939d7a2880d6133c8bb05cd17dcdd8640bf257f0be82a2bba74e46ff80b25b7683c6b6d96634516be0a7069d9176e456

  • SSDEEP

    24576:Ny0AolmsblI/NnDfpWt3rSA0reF1TGToh6USLFLkfFHl:oqlNlI5fpWtCaG0h6US9

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.122:19062

Attributes
  • auth_value

    0d09b419c8bc967f91c68be4a17e92ee

Extracted

Family

redline

Botnet

haval

C2

83.97.73.122:19062

Attributes
  • auth_value

    d23dec6813deb04eb8abd82657a9b0af
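
The two extracted configs above differ only in their botnet tag and auth_value and point at a single C2 endpoint. As an added example that is not part of the Triage report, the following Python turns those config values into network IOCs and hunts for them in connection logs. The config values are copied from this report; the Zeek conn.log-style lines are constructed, and the hostname branch goes beyond this sample, whose C2 is an IP literal.

```python
"""Hunt for the RedLine C2 extracted from this report in connection logs.

Added example, not part of the Triage report.  Config values are copied from
the "Malware Config" section; the log lines below are constructed.
"""
import ipaddress
from dataclasses import dataclass

# Copied from the two "Extracted" blocks in the report.
EXTRACTED_CONFIGS = [
    {"family": "redline", "botnet": "diza", "c2": ["83.97.73.122:19062"],
     "auth_value": "0d09b419c8bc967f91c68be4a17e92ee"},
    {"family": "redline", "botnet": "haval", "c2": ["83.97.73.122:19062"],
     "auth_value": "d23dec6813deb04eb8abd82657a9b0af"},
]


@dataclass(frozen=True)
class C2Endpoint:
    host: str    # IP literal or hostname exactly as found in the config
    port: int
    is_ip: bool  # hostnames need DNS-log correlation, not a conn.log match


def parse_c2(entry: str) -> C2Endpoint:
    """Split 'host:port' and tell IP literals apart from hostnames."""
    host, sep, port = entry.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"malformed C2 entry: {entry!r}")
    try:
        ipaddress.ip_address(host)
        is_ip = True
    except ValueError:
        is_ip = False
    return C2Endpoint(host, int(port), is_ip)


def c2_endpoints(configs) -> set:
    """Distinct endpoints across all configs; both configs here share one."""
    return {parse_c2(c) for cfg in configs for c in cfg["c2"]}


# Constructed Zeek conn.log-style records (tab separated), not real traffic:
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
SAMPLE_CONN_LOG = """\
1685000001.10\tCa1\t10.0.0.5\t49812\t83.97.73.122\t19062\ttcp
1685000002.20\tCa2\t10.0.0.5\t49813\t142.250.74.78\t443\ttcp
1685000003.30\tCa3\t10.0.0.9\t51002\t83.97.73.122\t443\ttcp
1685000004.40\tCa4\t10.0.0.7\t52000\t83.97.73.122\t19062\ttcp
"""


def hunt_conn_log(log_text: str, endpoints) -> list:
    """Return (src_host, resp_host, resp_port, confidence) for each hit.

    An exact IP:port match is 'high'.  The same IP on another port is only
    'medium': a different build may use another port, but a bare address
    is also more likely to be a shared host.
    """
    exact = {(e.host, e.port) for e in endpoints if e.is_ip}
    ips = {e.host for e in endpoints if e.is_ip}
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        src, dst, dport = fields[2], fields[4], int(fields[5])
        if (dst, dport) in exact:
            hits.append((src, dst, dport, "high"))
        elif dst in ips:
            hits.append((src, dst, dport, "medium"))
    return hits


if __name__ == "__main__":
    for hit in hunt_conn_log(SAMPLE_CONN_LOG, c2_endpoints(EXTRACTED_CONFIGS)):
        print(hit)
```

The auth_value is carried along but not used for network matching; it is a per-build token that only appears inside the C2 traffic, so it is an artefact for clustering samples rather than a wire IOC.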

Targets

    • Target

      61071812b3307184c0f04b053d367d477b98fec1d857c8f23f1502f0f43bd1a5

    • Size

      983KB

    • MD5

      9cc731cd92badaff73f62dcde7cfe76d

    • SHA1

      aebbfb76f20e49c2562c993d9adb7ae7eb82a82e

    • SHA256

      61071812b3307184c0f04b053d367d477b98fec1d857c8f23f1502f0f43bd1a5

    • SHA512

      5ec2c4d7bba9928b23b4f8a6c674c977939d7a2880d6133c8bb05cd17dcdd8640bf257f0be82a2bba74e46ff80b25b7683c6b6d96634516be0a7069d9176e456

    • SSDEEP

      24576:Ny0AolmsblI/NnDfpWt3rSA0reF1TGToh6USLFLkfFHl:oqlNlI5fpWtCaG0h6US9

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

      Setting the execution context of a thread in another process is a common step in process hollowing and other code-injection techniques.
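
Two of the behaviours flagged above, the Run key write and the change to Windows Defender real-time protection, are registry writes that Sysmon records as Event ID 13 (registry value set). As an added example that is not part of the Triage report, the following Python classifies such records against those two behaviours. The event records are constructed; only the key paths are real Windows locations, and the `RecordId` field is an assumed envelope identifier rather than a Sysmon field.

```python
"""Classify Sysmon registry value-set events (Event ID 13) against the two
registry-based behaviours flagged in the report: Run-key persistence and
disabling Windows Defender real-time protection.

Added example, not part of the Triage report.  Event records are constructed;
only the key paths are real Windows locations.
"""
import re

# HKCU/HKU and HKLM autostart keys behind "Adds Run key to start application".
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\([^\\]+)$", re.I)

# Policy and product keys behind "Modifies Windows Defender Real-time Protection
# settings".  Sysmon formats DWORD values as 'DWORD (0x00000001)'.
DEFENDER_RTP_RE = re.compile(
    r"\\Microsoft\\Windows Defender\\Real-Time Protection\\(Disable\w+)$", re.I)
DWORD_RE = re.compile(r"DWORD \(0x([0-9a-f]{8})\)", re.I)

# Directories a standard user can write to; a Run entry pointing here pairs
# with "Executes dropped EXE" and is far more suspicious than Program Files.
USER_WRITABLE_RE = re.compile(
    r"\\Users\\[^\\]+\\(AppData|Downloads|Desktop|Documents)\\|\\Temp\\|\\ProgramData\\", re.I)


def dword_value(details: str):
    """Integer value of a Sysmon-formatted DWORD, or None for other types."""
    m = DWORD_RE.fullmatch(details.strip())
    return int(m.group(1), 16) if m else None


def classify_registry_event(event: dict) -> list:
    """Tags for one Event ID 13 record; needs TargetObject and Details."""
    tags = []
    target, details = event["TargetObject"], event["Details"]

    if RUN_KEY_RE.search(target):
        tags.append("persistence:run_key")
        if USER_WRITABLE_RE.search(details):
            tags.append("persistence:run_key_user_writable_target")

    m = DEFENDER_RTP_RE.search(target)
    if m and dword_value(details) == 1:  # 1 disables the feature, 0 re-enables it
        tags.append("defense_evasion:defender_" + m.group(1).lower())
    return tags


def classify_all(events) -> dict:
    """Map RecordId -> tags, dropping events that raised no tag."""
    out = {}
    for ev in events:
        tags = classify_registry_event(ev)
        if tags:
            out[ev["RecordId"]] = tags
    return out


# Constructed records mimicking Sysmon Event ID 13 fields (RecordId is an
# assumed envelope identifier, not a Sysmon field).
SAMPLE_EVENTS = [
    {"RecordId": 1, "Image": r"C:\Users\alice\AppData\Local\Temp\svhost.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\Update",
     "Details": r"C:\Users\alice\AppData\Local\Temp\svhost.exe"},
    {"RecordId": 2, "Image": r"C:\Users\alice\AppData\Local\Temp\svhost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"RecordId": 3, "Image": r"C:\Windows\System32\gpupdate.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
    {"RecordId": 4, "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r"C:\Program Files\Vendor\tray.exe"},
    {"RecordId": 5, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for rid, tags in classify_all(SAMPLE_EVENTS).items():
        print(rid, tags)
```

The Uninstall-key enumeration, browser profile reads and SetThreadContext call are reads and API calls rather than registry writes, so Event ID 13 does not see them; those need process-access or API-trace telemetry, which is what the sandbox itself used to raise the signatures above.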

MITRE ATT&CK Enterprise v6

Tasks