General

  • Target: 7d84cc2060a4ad15ff8e5519ab1748da0b2075bb75723f7ba874a6863a08b5b4
  • Size: 770KB
  • Sample: 230528-bzkyraec4z
  • MD5: f7e38b540d9bce75f7bfd6d08cf881c3
  • SHA1: cd448e306b3b83a72b18994ec63b25f8d68851cc
  • SHA256: 7d84cc2060a4ad15ff8e5519ab1748da0b2075bb75723f7ba874a6863a08b5b4
  • SHA512: 215db2a58c139a921a1c6590595be18d254c19d8be395e1fcd16acea642fa16bef4c4cd55b1d3ee27e47a01c67ace6758ce48f5a77ef6d3fe86fa2043287209c
  • SSDEEP: 12288:pMrpy90ZS6VI6UCh0jKtR4bNvLt0ntqvAEp8MNwhPTGu3I6zoytU1in:Ay2BDR4BLtmtY8phooHUO

Malware Config

Extracted

  • Family: redline
  • Botnet: dura
  • C2: 83.97.73.127:19062
  • Attributes
      • auth_value: 44b7d6fb9572dea0d64d018139c3d208

Extracted

  • Family: redline
  • Botnet: heroy
  • C2: 83.97.73.127:19062
  • Attributes
      • auth_value: b2879468e50d2d36e66f1a067d4a8bb3

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext