
General

  • Target: c088a0d0d71b457da0c4220284f3ad840abdf619e6cab64069820f24c42c50dc
  • Size: 787KB
  • Sample: 230529-nnfacabe87
  • MD5: 67b1a205f37d244059ab7bf6fca67246
  • SHA1: 1e115346c694e32080bd083ecac7ddebcb2a19a9
  • SHA256: c088a0d0d71b457da0c4220284f3ad840abdf619e6cab64069820f24c42c50dc
  • SHA512: 62d02cec41297fecfc943d79ed87910b1f732bf5fb78dc5671b24ab803768a6b010ac21c03c270f38ba792933efa7493bf7013e5a75a367cd3d04556eb9a9642
  • SSDEEP: 12288:IMray90jgURVOy38rvvN8uURpd7SNi3aUwrYdkjbAttO5UUfjfat2sPX2uCxReXc:iyBjhzN/UDk6a0dGitO5UBvAnN

Malware Config

Extracted

  • Family: redline
  • Botnet: diza
  • C2: 83.97.73.127:19045
  • Attributes
    • auth_value: 0d09b419c8bc967f91c68be4a17e92ee

Extracted

  • Family: redline
  • Botnet: metro
  • C2: 83.97.73.127:19045
  • Attributes
    • auth_value: f7fd4aa816bdbaad933b45b51d9b6b1a

Targets

    • Target: c088a0d0d71b457da0c4220284f3ad840abdf619e6cab64069820f24c42c50dc (787KB; MD5, SHA1, SHA256, SHA512 and SSDEEP are the same values listed under General above)

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, such as saved credentials.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6
