General

  • Target

    29c487d68908dedca89d42d2346c3d6f2d6bf192bf86fadb9e1613ae05f35b2b

  • Size

    771KB

  • Sample

    230526-tmb47agc76

  • MD5

    3b1326e1756c69e28812af2469b5c555

  • SHA1

    e720df124441d9459e2c1164ff36a255ca3b90ae

  • SHA256

    29c487d68908dedca89d42d2346c3d6f2d6bf192bf86fadb9e1613ae05f35b2b

  • SHA512

    087d3634b0db9f74e3c2d43bf667cb62b60c5973067481f41af400a9100c835023ef1860088ebec4c821905f61ab1687ddcc77464b47e090a3f8507f99591bc1

  • SSDEEP

    12288:tMrFy90qNdCyDxxM3kMmfsCM3A2H8OGf3qKic7JqLxglms90RUh/5kT/kwjdM/R2:4ybBxmRIq8x5SOl/906ObpjdMZ2

Malware Config

Extracted

  • Family

    redline

  • Botnet

    disa

  • C2

    83.97.73.122:19062

  • Attributes

    auth_value: 93f8c4ca7000e3381dd4b6b86434de05

Extracted

  • Family

    redline

  • Botnet

    goga

  • C2

    83.97.73.122:19062

  • Attributes

    auth_value: 6d57dff6d3c42dddb8a76dc276b8467f

Targets

    • Target

      29c487d68908dedca89d42d2346c3d6f2d6bf192bf86fadb9e1613ae05f35b2b

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and form data.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Suspicious use of SetThreadContext