General

  • Target: 8210655a29eea3974367666e19098994f05bbe57684f1b66d07ea5baa0d54cf5
  • Size: 770KB
  • Sample: 230526-vt6g2sge67
  • MD5: d331d8bcce3f4d219a050d29a5f82341
  • SHA1: ebf4e851b65630f9b849ad6c2cadc8be5d6ee6f9
  • SHA256: 8210655a29eea3974367666e19098994f05bbe57684f1b66d07ea5baa0d54cf5
  • SHA512: 891855daf53f138478dca0bb91d25cd7be280b49cef97b2c65e73f399757d311e496a4207b6efbae9313c6e944c98e891e44aeff0c2b3b25806caeeba01f963a
  • SSDEEP: 24576:ayJxvtEufWr7mWZMCzmCE2erZNFh0qVbpjf:hJlMUCxEjTllp

Malware Config

Extracted
  • Family: redline
  • Botnet: disa
  • C2: 83.97.73.122:19062
  • Attributes
      auth_value: 93f8c4ca7000e3381dd4b6b86434de05

Extracted
  • Family: redline
  • Botnet: goga
  • C2: 83.97.73.122:19062
  • Attributes
      auth_value: 6d57dff6d3c42dddb8a76dc276b8467f

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext
