
General

  • Target

    be6c29b6863137f515029070ca39a49bc66382a165216b6e964ae6e26d84aacf

  • Size

    761KB

  • Sample

    230527-rva6racb26

  • MD5

    69c6a65edf00a34e5df551debe6330a6

  • SHA1

    a3a68cd42435526b900d8f5db820a6f7626ca037

  • SHA256

    be6c29b6863137f515029070ca39a49bc66382a165216b6e964ae6e26d84aacf

  • SHA512

    7e06dbba973a49bbdcd93701718b2f41004f004114bdd52910da9de4b6c150634f754ac0927ced5010fa86f03583804de8fa241097e8770cacd5f7a0a6633b6c

  • SSDEEP

    12288:fMrOy90/ic35JJXf54NT6Q6qNaFe8BCQk/MkZWsgfgwOjmJocVJfTjI:hyA5fXfq/6q0FjvqWGSVxI

Malware Config

Extracted

  • Family

    redline

  • Botnet

    dusa

  • C2

    83.97.73.127:19062

  • Attributes

    • auth_value

      ee896466545fedf9de5406175fb82de5

Extracted

  • Family

    redline

  • Botnet

    munder

  • C2

    83.97.73.127:19062

  • Attributes

    • auth_value

      159bf350f6393f0d879c80a22059fba2

Targets

    • Target

      be6c29b6863137f515029070ca39a49bc66382a165216b6e964ae6e26d84aacf


    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext
