
General

  • Target: 85e1e52ebf0aefa604da4bd4d0f5b6cd24166d0334df23d4667620ac2f010231
  • Size: 770KB
  • Sample: 230526-szg1jagb72
  • MD5: 4cb22d8b7cc9c88afdd339fb07054be9
  • SHA1: 73c5cb16c9ac58408696b6eaf933c9e635d7003e
  • SHA256: 85e1e52ebf0aefa604da4bd4d0f5b6cd24166d0334df23d4667620ac2f010231
  • SHA512: 6e897dad70f36637ffb91199e94797b899f1ca9084742ef45845a4dcfad9b280106b7ba1d3593666a6c98f693831d0f42647b80070ac156d9a1ab83c0dd30b72
  • SSDEEP: 24576:2y78RbJvu8bTx/UisK0dpLAYF90xpbTjvV:F78Rxu8b9nspAYHORTr

Malware Config

Extracted

  • Family: redline
  • Botnet: disa
  • C2: 83.97.73.122:19062
  • Attributes
      • auth_value: 93f8c4ca7000e3381dd4b6b86434de05

Extracted

  • Family: redline
  • Botnet: goga
  • C2: 83.97.73.122:19062
  • Attributes
      • auth_value: 6d57dff6d3c42dddb8a76dc276b8467f

Targets

    • Target: 85e1e52ebf0aefa604da4bd4d0f5b6cd24166d0334df23d4667620ac2f010231
    • Size: 770KB

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and autofill data.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Suspicious use of SetThreadContext
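The behaviours and C2 listed above, turned into a triage check that can be run over host telemetry. This is an added example written for this page, not code from tria.ge or from the sample; the event format is a constructed, simplified Sysmon-style JSON-lines record with assumed field names (type, target, image, dst_ip, dst_port), and the registry paths and browser file names are the standard Windows locations assumed to be behind each signature, since the report names only the behaviour. The `SetThreadContext` signature is deliberately not covered, as it is not visible in this kind of log.

```python
"""Triage check: match host telemetry against the behaviours reported for this sample."""
import json
import re

# C2 from the extracted RedLine configs above (both botnets use the same endpoint).
C2_IP, C2_PORT = "83.97.73.122", 19062

# Registry paths and files ASSUMED to sit behind each report signature. These are
# the standard Windows locations; the report itself names only the behaviour.
# Each entry: (event kinds that count, pattern on the event's target path).
SIGNATURES = {
    "Modifies Windows Defender Real-time Protection settings": (
        {"registry_set"},  # a read of a Disable* value is not a modification
        re.compile(r"\\Windows Defender\\Real-Time Protection\\Disable\w+$", re.I)),
    "Adds Run key to start application": (
        {"registry_set"},
        re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)),
    "Checks installed software on the system": (
        {"registry_query"},
        re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)),
    "Checks computer location settings": (
        {"registry_query"},
        re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    "Reads user/profile data of web browsers": (
        {"file_read"},
        re.compile(r"\\(Login Data|Cookies|Web Data|logins\.json|key4\.db)$", re.I)),
}


def parse_events(lines):
    """One JSON object per line; blank or malformed lines are skipped, not fatal."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def classify(events):
    """Map each report signature to the indices of the events supporting it.

    Returns {signature: [event index, ...]}; signatures with no hits are absent.
    'Executes dropped EXE' / 'Loads dropped DLL' are stateful: a path only counts
    as dropped once an earlier file_write event created it.
    """
    hits = {}
    dropped = set()

    def add(sig, i):
        hits.setdefault(sig, []).append(i)

    for i, ev in enumerate(events):
        kind = ev.get("type")
        target = ev.get("target", "")
        image = ev.get("image", "").lower()
        for sig, (kinds, pat) in SIGNATURES.items():
            if kind in kinds and pat.search(target):
                add(sig, i)
        if kind == "file_write":
            dropped.add(target.lower())
        elif kind == "process_create" and image in dropped:
            add("Executes dropped EXE", i)
        elif kind == "image_load" and image in dropped:
            add("Loads dropped DLL", i)
        elif (kind == "network_connect"
              and ev.get("dst_ip") == C2_IP and ev.get("dst_port") == C2_PORT):
            add("Connects to reported RedLine C2", i)
    return hits


def matched_signatures(hits):
    """Sorted list of signature names that had at least one supporting event."""
    return sorted(hits)


# Constructed sample telemetry (not a real capture); backslashes are JSON-escaped.
SAMPLE_LOG = r"""
{"type":"file_write","pid":4112,"image":"C:\\Users\\user\\AppData\\Local\\Temp\\sample.exe","target":"C:\\Users\\user\\AppData\\Local\\Temp\\IXP000.TMP\\a1.exe"}
{"type":"process_create","pid":4200,"image":"C:\\Users\\user\\AppData\\Local\\Temp\\IXP000.TMP\\a1.exe","parent_pid":4112}
{"type":"registry_set","pid":4200,"target":"HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring","value":1}
{"type":"registry_query","pid":4200,"target":"HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring"}
{"type":"registry_query","pid":4200,"target":"HKCU\\Control Panel\\International\\Geo\\Nation"}
{"type":"registry_query","pid":4200,"target":"HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{7B1D2A3C-0000-0000-0000-000000000001}"}
{"type":"registry_set","pid":4200,"target":"HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\updater","value":"C:\\Users\\user\\AppData\\Local\\Temp\\IXP000.TMP\\a1.exe"}
{"type":"file_read","pid":4200,"target":"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"type":"network_connect","pid":4200,"dst_ip":"83.97.73.122","dst_port":19062}
{"type":"network_connect","pid":4200,"dst_ip":"83.97.73.122","dst_port":443}
not json at all
"""

if __name__ == "__main__":
    found = classify(parse_events(SAMPLE_LOG.splitlines()))
    for sig in matched_signatures(found):
        print(f"{sig}: events {found[sig]}")
```

Two edge cases are handled on purpose: a read of the Defender `Disable*` value (event 3) does not count as a modification, only a write does, and a connection to the C2 host on a port other than 19062 (event 9) is not matched, since only the full IP:port pair is attributable to the report's configs.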
