Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    11d43c5bd6f9443d6972a5c63c6cbad4488a5954ac309ef2e4328b021fa59d46

  • Size

    806KB

  • Sample

    230529-f62x3aac31

  • MD5

    aca88ae7746d36d2cae651082a4621fe

  • SHA1

    397a817ddd026455bc92293c60e93714b13073c8

  • SHA256

    11d43c5bd6f9443d6972a5c63c6cbad4488a5954ac309ef2e4328b021fa59d46

  • SHA512

    c6866caa926b5221c6719866746b08a96980bf9307d4b24885dc176ae9c11b7343b5d10a14d95949ed0abe15ec7ee4dead80bedea392d582a6b3b680546f80b0

  • SSDEEP

    24576:5ynxk7OauZFqf1pm6UVLKKm1eqnv6USjX:sASq9pm6U5KK9qnv

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.127:19045

Attributes
  • auth_value

    0d09b419c8bc967f91c68be4a17e92ee

Extracted

Family

redline

Botnet

metro

C2

83.97.73.127:19045

Attributes
  • auth_value

    f7fd4aa816bdbaad933b45b51d9b6b1a

Targets

    • Target

      11d43c5bd6f9443d6972a5c63c6cbad4488a5954ac309ef2e4328b021fa59d46

    • Size

      806KB

    • MD5

      aca88ae7746d36d2cae651082a4621fe

    • SHA1

      397a817ddd026455bc92293c60e93714b13073c8

    • SHA256

      11d43c5bd6f9443d6972a5c63c6cbad4488a5954ac309ef2e4328b021fa59d46

    • SHA512

      c6866caa926b5221c6719866746b08a96980bf9307d4b24885dc176ae9c11b7343b5d10a14d95949ed0abe15ec7ee4dead80bedea392d582a6b3b680546f80b0

    • SSDEEP

      24576:5ynxk7OauZFqf1pm6UVLKKm1eqnv6USjX:sASq9pm6U5KK9qnv

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks