General

  • Target

    971b7b472d56b4aac04bfdafc0cfe3aea4740cf1eef3b40c87832d012671b20e

  • Size

    770KB

  • Sample

    230528-ak4lwade79

  • MD5

    81c0d8cb16347a05d8fb81e6e3241a87

  • SHA1

    a75ee5302c7284ff1a768938544198f9aafe631c

  • SHA256

    971b7b472d56b4aac04bfdafc0cfe3aea4740cf1eef3b40c87832d012671b20e

  • SHA512

    32d7fd9578d06184ba50f1c0391c4daf568bde35cb676f76969d37d7e3e2c1df012d8c9dddffc16cc76f81cbe4dc4cf66050506943eb1fc2be3d10a0bfb0982e

  • SSDEEP

    24576:7y+TXI17EF/VxpDVH+mqtlKEQZp3mw9aau:u+To7y/jpDVH+wEQf2w95

Malware Config

Extracted

Family

redline

Botnet

dura

C2

83.97.73.127:19062

Attributes
  • auth_value

    44b7d6fb9572dea0d64d018139c3d208

Extracted

Family

redline

Botnet

heroy

C2

83.97.73.127:19062

Attributes
  • auth_value

    b2879468e50d2d36e66f1a067d4a8bb3

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext
