
General

  • Target

    73ee4303d6ef80fab7109dd2ce56ed11be3130134ac9a660b073b865af6977d6

  • Size

    770KB

  • Sample

    230528-hl4l9see29

  • MD5

    f63382fc90b507b4dc55d5fe5348002a

  • SHA1

    8f586cfb5082417595480ce72c58a3d307b14ac0

  • SHA256

    73ee4303d6ef80fab7109dd2ce56ed11be3130134ac9a660b073b865af6977d6

  • SHA512

    bc1d99076b53e2026a9c459376144b1d2e99f92beca0bbbf76710d8a144b4acafad13f9745835f42b20fb0f24fe7de5dd5106b32a87bf4217b71d0602832dcf9

  • SSDEEP

    12288:UMrmy90kbtiyZDrx2x7hi75zUpNWIXOi5sbbIhALfwyGRWapLuw5eOgrIKzlEm:qyHrei7J2NTJd6fwy8Wa0LOg5zl3

Malware Config

Extracted

  • Family

    redline

  • Botnet

    dura

  • C2

    83.97.73.127:19062

  • Attributes

    auth_value: 44b7d6fb9572dea0d64d018139c3d208

Extracted

  • Family

    redline

  • Botnet

    heroy

  • C2

    83.97.73.127:19062

  • Attributes

    auth_value: b2879468e50d2d36e66f1a067d4a8bb3
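Both extracted configs point at the same C2 and differ only in botnet name and per-build auth_value, so the network indicator to hunt on is a single ip:port. The script below is an added example, not part of the Triage report: the config values and SHA-256 are copied from the report, while the firewall log lines, the EDR file events, the host names and the key=value log format are constructed for illustration.

```python
"""Match the indicators extracted above against constructed telemetry.

Added example, not part of the Triage report. The config values and the
SHA-256 are copied from the report; log lines and file events are constructed."""
import ipaddress
import re

# Two RedLine builds extracted from the sample; they share one C2 and differ
# only in botnet name and per-build auth_value (values from the report).
REDLINE_CONFIGS = [
    {"family": "redline", "botnet": "dura", "c2": "83.97.73.127:19062",
     "auth_value": "44b7d6fb9572dea0d64d018139c3d208"},
    {"family": "redline", "botnet": "heroy", "c2": "83.97.73.127:19062",
     "auth_value": "b2879468e50d2d36e66f1a067d4a8bb3"},
]

SAMPLE_SHA256 = "73ee4303d6ef80fab7109dd2ce56ed11be3130134ac9a660b073b865af6977d6"

# Constructed firewall log in key=value form (not real traffic; the internal
# hosts and timestamps are made up).
FIREWALL_LOG = [
    "ts=2023-05-28T11:02:13Z src=10.0.4.22 dst=83.97.73.127 dport=19062 proto=tcp action=allow",
    "ts=2023-05-28T11:02:14Z src=10.0.4.22 dst=142.250.74.46 dport=443 proto=tcp action=allow",
    "ts=2023-05-28T11:05:40Z src=10.0.4.31 dst=83.97.73.127 dport=443 proto=tcp action=allow",
    "ts=2023-05-28T11:07:02Z src=10.0.4.22 dst=83.97.73.127 dport=19062 proto=tcp action=allow",
]

# Constructed EDR file events as (host, path, sha256); the second is benign.
FILE_EVENTS = [
    ("WS-022", r"C:\Users\a.nowak\Downloads\Setup_x64.exe", SAMPLE_SHA256),
    ("WS-031", r"C:\Windows\System32\notepad.exe", "0a" * 32),
]

KV = re.compile(r"(\w+)=(\S+)")


def c2_endpoints(configs):
    """Distinct (ip, port) pairs across all extracted configs."""
    out = set()
    for cfg in configs:
        host, port = cfg["c2"].rsplit(":", 1)
        ipaddress.ip_address(host)  # ValueError if the C2 is not a literal IP
        out.add((host, int(port)))
    return out


def match_network(log_lines, configs=REDLINE_CONFIGS):
    """Return (src, dst, dport, confidence) for lines that touch a C2.

    An exact ip:port hit is 'high'; the C2 IP on any other port is 'medium',
    because the host is the indicator and operators move ports between builds.
    """
    endpoints = c2_endpoints(configs)
    ips = {ip for ip, _ in endpoints}
    hits = []
    for line in log_lines:
        fields = dict(KV.findall(line))
        dst, dport = fields.get("dst"), int(fields.get("dport", 0))
        if (dst, dport) in endpoints:
            hits.append((fields["src"], dst, dport, "high"))
        elif dst in ips:
            hits.append((fields["src"], dst, dport, "medium"))
    return hits


def match_hashes(events, sha256=SAMPLE_SHA256):
    """Hosts on which a file with the sample's SHA-256 was observed."""
    return sorted({host for host, _, h in events if h.lower() == sha256})


if __name__ == "__main__":
    for hit in match_network(FIREWALL_LOG):
        print("C2 contact:", hit)
    print("Sample seen on:", match_hashes(FILE_EVENTS))
```

The medium-confidence tier matters in practice: the third log line reaches the C2 host on 443, which the exact ip:port match would miss, and a second RedLine build on the same operator's server would typically reuse the host with a different port.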

Targets

    • Target

      73ee4303d6ef80fab7109dd2ce56ed11be3130134ac9a660b073b865af6977d6


    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data such as saved credentials, cookies and autofill entries.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Suspicious use of SetThreadContext
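The signature list above reads as a sequence of host behaviours: a registry geolocation check, an Uninstall-key sweep, a Run key for persistence, a write to Defender's Real-Time Protection settings, a SetThreadContext-based injection and a read of browser profile data. The script below turns each of those into a rule and runs them over a constructed API trace. It is an added example and not Triage's own signature logic: the event layout, the exact registry paths and value names each rule keys on, the process IDs, the hollowed image and the three-key threshold for software enumeration are all assumptions.

```python
"""Detection rules for the behaviours the report attributes to this sample,
run over a constructed sandbox-style API trace.

Added example, not Triage's signature logic: the event layout, the registry
paths and value names the rules key on, and the thresholds are assumptions."""
import re
from collections import defaultdict

# Constructed trace: one dict per API call, in time order. pid 1400 is the
# dropper, pid 2208 the suspended child it writes into. Nothing here is
# captured from the sample; paths are what the signatures above imply.
TRACE = [
    {"api": "RegQueryValue", "pid": 1400,
     "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"api": "RegOpenKey", "pid": 1400,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"api": "RegOpenKey", "pid": 1400,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"},
    {"api": "RegOpenKey", "pid": 1400,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox"},
    {"api": "RegSetValue", "pid": 1400,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "Updater", "data": r"C:\Users\a.nowak\AppData\Roaming\updater.exe"},
    {"api": "RegSetValue", "pid": 1400,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection",
     "value": "DisableRealtimeMonitoring", "data": 1},
    {"api": "RegSetValue", "pid": 1400,  # benign write, must not trigger anything
     "key": r"HKCU\Software\Microsoft\Office\16.0\Common", "value": "Theme", "data": 3},
    {"api": "CreateProcess", "pid": 1400, "target_pid": 2208,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe",
     "flags": "CREATE_SUSPENDED"},
    {"api": "WriteProcessMemory", "pid": 1400, "target_pid": 2208},
    {"api": "SetThreadContext", "pid": 1400, "target_pid": 2208},
    {"api": "ResumeThread", "pid": 1400, "target_pid": 2208},
    {"api": "CreateFile", "pid": 2208,
     "path": r"C:\Users\a.nowak\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
]

RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I)
DEFENDER_RTP = re.compile(r"\\Windows Defender\\Real-Time Protection$", re.I)
UNINSTALL = re.compile(r"\\CurrentVersion\\Uninstall\\", re.I)
GEO = re.compile(r"\\Control Panel\\International\\Geo$", re.I)
BROWSER_DATA = re.compile(r"\\User Data\\.*\\(Login Data|Cookies|Web Data)$", re.I)
# Classic hollowing order; a bare SetThreadContext call is too noisy on its own.
HOLLOW_CHAIN = ("CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread")


def run_key_entries(trace):
    return [f'{e["value"]}={e["data"]}' for e in trace
            if e["api"] == "RegSetValue" and RUN_KEY.search(e["key"])]


def defender_tamper(trace):
    """Disable* values set to 1 under Real-Time Protection."""
    return [e["value"] for e in trace
            if e["api"] == "RegSetValue" and DEFENDER_RTP.search(e["key"])
            and e["value"].lower().startswith("disable") and e["data"] == 1]


def geo_lookup(trace):
    return any(e["api"] == "RegQueryValue" and GEO.search(e["key"])
               and e.get("value") == "Nation" for e in trace)


def software_enum(trace, threshold=3):
    """Number of distinct Uninstall subkeys opened, or 0 below the threshold."""
    keys = {e["key"] for e in trace if e["api"] == "RegOpenKey" and UNINSTALL.search(e["key"])}
    return len(keys) if len(keys) >= threshold else 0


def browser_reads(trace):
    return [e["path"] for e in trace if e["api"] == "CreateFile" and BROWSER_DATA.search(e["path"])]


def hollowing_targets(trace):
    """Target pids for which the full suspended-create/write/context/resume chain was seen."""
    stage = defaultdict(int)
    hits = []
    for e in trace:
        target = e.get("target_pid")
        if target is None or e["api"] not in HOLLOW_CHAIN:
            continue
        if e["api"] == "CreateProcess" and "CREATE_SUSPENDED" not in e.get("flags", ""):
            continue
        if stage[target] < len(HOLLOW_CHAIN) and HOLLOW_CHAIN[stage[target]] == e["api"]:
            stage[target] += 1
            if stage[target] == len(HOLLOW_CHAIN):
                hits.append(target)
    return hits


def evaluate(trace):
    """Map each report signature name to what the corresponding rule found."""
    return {
        "Modifies Windows Defender Real-time Protection settings": defender_tamper(trace),
        "Checks computer location settings": geo_lookup(trace),
        "Reads user/profile data of web browsers": browser_reads(trace),
        "Adds Run key to start application": run_key_entries(trace),
        "Checks installed software on the system": software_enum(trace),
        "Suspicious use of SetThreadContext": hollowing_targets(trace),
    }


if __name__ == "__main__":
    for name, result in evaluate(TRACE).items():
        print(f"{name}: {result}")
```

The SetThreadContext rule deliberately requires the whole chain against one target pid rather than the single call: debuggers and some runtimes call SetThreadContext legitimately, while a suspended child that is written to, retargeted and resumed is the process-hollowing pattern the signature name alludes to.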
