Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    8210655a29eea3974367666e19098994f05bbe57684f1b66d07ea5baa0d54cf5

  • Size

    770KB

  • Sample

    230526-vt6g2sge67

  • MD5

    d331d8bcce3f4d219a050d29a5f82341

  • SHA1

    ebf4e851b65630f9b849ad6c2cadc8be5d6ee6f9

  • SHA256

    8210655a29eea3974367666e19098994f05bbe57684f1b66d07ea5baa0d54cf5

  • SHA512

    891855daf53f138478dca0bb91d25cd7be280b49cef97b2c65e73f399757d311e496a4207b6efbae9313c6e944c98e891e44aeff0c2b3b25806caeeba01f963a

  • SSDEEP

    24576:ayJxvtEufWr7mWZMCzmCE2erZNFh0qVbpjf:hJlMUCxEjTllp

Malware Config

Extracted

Family

redline

Botnet

disa

C2

83.97.73.122:19062

Attributes
  • auth_value

    93f8c4ca7000e3381dd4b6b86434de05

Extracted

Family

redline

Botnet

goga

C2

83.97.73.122:19062

Attributes
  • auth_value

    6d57dff6d3c42dddb8a76dc276b8467f

Targets

    • Target

      8210655a29eea3974367666e19098994f05bbe57684f1b66d07ea5baa0d54cf5

    • Size

      770KB

    • MD5

      d331d8bcce3f4d219a050d29a5f82341

    • SHA1

      ebf4e851b65630f9b849ad6c2cadc8be5d6ee6f9

    • SHA256

      8210655a29eea3974367666e19098994f05bbe57684f1b66d07ea5baa0d54cf5

    • SHA512

      891855daf53f138478dca0bb91d25cd7be280b49cef97b2c65e73f399757d311e496a4207b6efbae9313c6e944c98e891e44aeff0c2b3b25806caeeba01f963a

    • SSDEEP

      24576:ayJxvtEufWr7mWZMCzmCE2erZNFh0qVbpjf:hJlMUCxEjTllp

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks