Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    370aaf056aa16871d49f9273b31df338c42fb757a483403e193be37edda3708e

  • Size

    764KB

  • Sample

    230526-kpg9jsfb9w

  • MD5

    4c1942ca382745ae33b07e8dcebb384f

  • SHA1

    d4ff75aa6081d6a9914e3de2b3214c710383d7fc

  • SHA256

    370aaf056aa16871d49f9273b31df338c42fb757a483403e193be37edda3708e

  • SHA512

    44a62fa25802b4f8ef6a4904cbffcfe6a9b2ada0e72d3aa053e0447c3363ddd8b4343b3da1fae6dfdba7ac3e1dbd03426c550902fa957d7ba51f12510480a8fb

  • SSDEEP

    12288:7Mr9y90hvJhaNSEElOOZuq6JaJSKzh69q6z8gQR/HjoLNpQNOBEgmp4d88md8LBI:OygD6YuquabMjwR/Hjqa4O8mdou

Malware Config

Extracted

Family

redline

Botnet

disa

C2

83.97.73.122:19062

Attributes
  • auth_value

    93f8c4ca7000e3381dd4b6b86434de05

Extracted

Family

redline

Botnet

goga

C2

83.97.73.122:19062

Attributes
  • auth_value

    6d57dff6d3c42dddb8a76dc276b8467f

Targets

    • Target

      370aaf056aa16871d49f9273b31df338c42fb757a483403e193be37edda3708e

    • Size

      764KB

    • MD5

      4c1942ca382745ae33b07e8dcebb384f

    • SHA1

      d4ff75aa6081d6a9914e3de2b3214c710383d7fc

    • SHA256

      370aaf056aa16871d49f9273b31df338c42fb757a483403e193be37edda3708e

    • SHA512

      44a62fa25802b4f8ef6a4904cbffcfe6a9b2ada0e72d3aa053e0447c3363ddd8b4343b3da1fae6dfdba7ac3e1dbd03426c550902fa957d7ba51f12510480a8fb

    • SSDEEP

      12288:7Mr9y90hvJhaNSEElOOZuq6JaJSKzh69q6z8gQR/HjoLNpQNOBEgmp4d88md8LBI:OygD6YuquabMjwR/Hjqa4O8mdou

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks