General

  • Target

    8a39e5cacb769041978b69838a232c71a6caffeea3af11d2102fa6bf792b2e44

  • Size

    731KB

  • Sample

    230531-jl2ncade87

  • MD5

    4ab19309334d22e695058b57064b4b62

  • SHA1

    bef8941ba7db51987fabf03dca354687c0f6a426

  • SHA256

    8a39e5cacb769041978b69838a232c71a6caffeea3af11d2102fa6bf792b2e44

  • SHA512

    c2cec274a0baad8be3bf55b31b4b582311e6c4c49169c61ff600f24c33bde8888c47d1ab1dbe4a429e93930032b8383e0eb21b3356196f15fedb5ced42f781d4

  • SSDEEP

    12288:3Mr8y90Ob8tDllec6XyXVyYR0PLIGLWCpX1NV8USGof6qLmUmzpLS9oK:XygDLgiRCLIdCpX1NGUA9LmPzpLSz

Malware Config

Extracted

Family

redline

Botnet

dusa

C2

83.97.73.127:19045

Attributes
  • auth_value

    ee896466545fedf9de5406175fb82de5

Extracted

Family

redline

Botnet

tinda

C2

83.97.73.127:19045

Attributes
  • auth_value

    88da3924455f4ba3a1b76cd03af918bb

Targets

    • Target

      8a39e5cacb769041978b69838a232c71a6caffeea3af11d2102fa6bf792b2e44
    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext
