General

  • Target: 7c36a2d34d7dfb028e03f206e65445cb1d45e603a1c550074b4f6292458a18b8
  • Size: 753 KB
  • Sample: 230530-s7peksag6y
  • MD5: 916c018e71f47c062ecf1f6569cd6f09
  • SHA1: b8fcb0ea86d2bcb22d40d74443475229533c643e
  • SHA256: 7c36a2d34d7dfb028e03f206e65445cb1d45e603a1c550074b4f6292458a18b8
  • SHA512: b298c4871621c1b555b44a483d96fa109708fa2c2d941cf7664fc57a1aa0f0d0dccdd0dc1aaae00e5ed8b8515b5be3067236af70085514010b0ca6a7ebf48927
  • SSDEEP: 12288:GMrOy90UExi/pbB6OzjFW7IQ/0ZsyQHM+NfDdTtni8OwqQOuPGqsII10:EySYZBfwIH2s859FJLtG710

Malware Config

Extracted

  • Family: redline
  • Botnet: dusa
  • C2: 83.97.73.127:19045
  • Attributes
    • auth_value: ee896466545fedf9de5406175fb82de5

Extracted

  • Family: redline
  • Botnet: ronin
  • C2: 83.97.73.127:19045
  • Attributes
    • auth_value: 4cce855f5ba9b9b6e5b1400f102745de

Targets

    • Target: 7c36a2d34d7dfb028e03f206e65445cb1d45e603a1c550074b4f6292458a18b8

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext