Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    b6da51acb6e5fec5e01f1642d0fa4702e2e9b26ec3815ceb182e13f149d2023a

  • Size

    752KB

  • Sample

    230530-htz9tagc3s

  • MD5

    f2f7a6f827f7d707a8b71c6d7bb5e558

  • SHA1

    24b738ff2a04b6119f8089020efe0c852894a868

  • SHA256

    b6da51acb6e5fec5e01f1642d0fa4702e2e9b26ec3815ceb182e13f149d2023a

  • SHA512

    fd6af17befa6ef7d94573b75fa9bb0ab8e7e3367e20cc985ecea62f7fdf1e6c033ebfc5f9812d92939a7e8153757b6245b0174393441155ca21270846a84baa3

  • SSDEEP

    12288:4MrKy90B4vmP1QblpFFBomj0DgCbeDeynDX+8aZawv+0KLjhZRTp7VgV8Xe1vIpr:SyA4vmKpz2PlyDuDaw7KtTp7Vgfv8r

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.127:19045

Attributes
  • auth_value

    0d09b419c8bc967f91c68be4a17e92ee

Extracted

Family

redline

Botnet

ronin

C2

83.97.73.127:19045

Attributes
  • auth_value

    4cce855f5ba9b9b6e5b1400f102745de

Targets

    • Target

      b6da51acb6e5fec5e01f1642d0fa4702e2e9b26ec3815ceb182e13f149d2023a

    • Size

      752KB

    • MD5

      f2f7a6f827f7d707a8b71c6d7bb5e558

    • SHA1

      24b738ff2a04b6119f8089020efe0c852894a868

    • SHA256

      b6da51acb6e5fec5e01f1642d0fa4702e2e9b26ec3815ceb182e13f149d2023a

    • SHA512

      fd6af17befa6ef7d94573b75fa9bb0ab8e7e3367e20cc985ecea62f7fdf1e6c033ebfc5f9812d92939a7e8153757b6245b0174393441155ca21270846a84baa3

    • SSDEEP

      12288:4MrKy90B4vmP1QblpFFBomj0DgCbeDeynDX+8aZawv+0KLjhZRTp7VgV8Xe1vIpr:SyA4vmKpz2PlyDuDaw7KtTp7Vgfv8r

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks