General

  • Target

    13dd9ba22f3716dfc958a3e86ddbbc9c3115136688476386f8bf42f8bf7d5bb5

  • Size

    753KB

  • Sample

    230601-t2m51afc68

  • MD5

    8fac869739d494422f6f6fb7dd76ca54

  • SHA1

    4aa066e69b00afe7eb964482ece608d787e21576

  • SHA256

    13dd9ba22f3716dfc958a3e86ddbbc9c3115136688476386f8bf42f8bf7d5bb5

  • SHA512

    0ada800f99f28cb202bf3c8419ada408ecadf005ccae806301bacef292322f2dce058dea8275b186e849cda577aa81d044a2275d74593806d9b4b7c68a2477ec

  • SSDEEP

    12288:jMrFy90D4umOQTXUDJbvPtU+Cck/OBeS4NqCOuNW6mwDOj/:yy5jrXUDJu+xkCeS2wuNW4+

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.127:19045

Attributes
  • auth_value

    0d09b419c8bc967f91c68be4a17e92ee

Extracted

Family

redline

Botnet

rocker

C2

83.97.73.127:19045

Attributes
  • auth_value

    b4693c25843b5a1c7d63376e73e32dae

Targets

    • Target

      13dd9ba22f3716dfc958a3e86ddbbc9c3115136688476386f8bf42f8bf7d5bb5

    • Size

      753KB

    • MD5

      8fac869739d494422f6f6fb7dd76ca54

    • SHA1

      4aa066e69b00afe7eb964482ece608d787e21576

    • SHA256

      13dd9ba22f3716dfc958a3e86ddbbc9c3115136688476386f8bf42f8bf7d5bb5

    • SHA512

      0ada800f99f28cb202bf3c8419ada408ecadf005ccae806301bacef292322f2dce058dea8275b186e849cda577aa81d044a2275d74593806d9b4b7c68a2477ec

    • SSDEEP

      12288:jMrFy90D4umOQTXUDJbvPtU+Cck/OBeS4NqCOuNW6mwDOj/:yy5jrXUDJu+xkCeS2wuNW4+

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, session tokens and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is a common step in process hollowing and similar injection techniques, where the entry point of a suspended process is redirected to injected code.
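The signatures above describe host behaviours and the extracted config gives a concrete C2 endpoint; a responder typically wants to turn both into something that runs over endpoint telemetry. The following is an added example, not part of the tria.ge report or of any tool it uses. The telemetry lines are constructed, in an assumed pipe-delimited key=value layout loosely modelled on Sysmon/Procmon registry and network events; the registry locations checked are the well-known Defender policy, Run and Uninstall keys, and the C2 address, botnet names and auth_value are the ones extracted on this page.

```python
"""Match constructed endpoint telemetry against the RedLine behaviours and
the extracted C2 reported above.  Added example; the telemetry format is an
assumption, the indicator values come from the report."""
import re
from collections import defaultdict

# Taken from the "Malware Config" section of the report (two configs, one C2).
EXTRACTED_CONFIGS = [
    {"family": "redline", "botnet": "diza", "c2": "83.97.73.127:19045",
     "auth_value": "0d09b419c8bc967f91c68be4a17e92ee"},
    {"family": "redline", "botnet": "rocker", "c2": "83.97.73.127:19045",
     "auth_value": "b4693c25843b5a1c7d63376e73e32dae"},
]
C2_SET = {cfg["c2"] for cfg in EXTRACTED_CONFIGS}

# Well-known registry locations behind the report's signatures.
DEFENDER_RTP_RE = re.compile(
    r"\\Windows Defender\\Real-Time Protection\\Disable\w+$", re.I)
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
UNINSTALL_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)

# Constructed telemetry: one key=value|key=value record per line.
SAMPLE_TELEMETRY = [
    "Operation=RegSetValue|Process=C:\\Users\\victim\\AppData\\Local\\Temp\\setup.exe"
    "|Path=HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection"
    "\\DisableRealtimeMonitoring|Data=0x00000001",
    "Operation=RegSetValue|Process=C:\\Users\\victim\\AppData\\Local\\Temp\\setup.exe"
    "|Path=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svchost"
    "|Data=C:\\Users\\victim\\AppData\\Roaming\\svchost.exe",
    "Operation=RegEnumKey|Process=C:\\Users\\victim\\AppData\\Roaming\\svchost.exe"
    "|Path=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
    "Operation=NetConnect|Process=C:\\Users\\victim\\AppData\\Roaming\\svchost.exe"
    "|DestIp=83.97.73.127|DestPort=19045",
    # Benign software inventory agent: enumerates Uninstall, nothing else.
    "Operation=RegEnumKey|Process=C:\\Program Files\\Inventory\\agent.exe"
    "|Path=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
    # Same IP, different port: not the extracted C2 endpoint, so no hit.
    "Operation=NetConnect|Process=C:\\Program Files\\Mozilla Firefox\\firefox.exe"
    "|DestIp=83.97.73.127|DestPort=443",
]


def parse_event(line):
    """Parse one 'key=value|key=value' telemetry line into a dict."""
    return dict(field.split("=", 1) for field in line.split("|"))


def match_event(ev):
    """Return the rule name a single event triggers, or None."""
    op, path = ev.get("Operation", ""), ev.get("Path", "")
    if (op == "RegSetValue" and DEFENDER_RTP_RE.search(path)
            and ev.get("Data", "").strip() in ("1", "0x1", "0x00000001")):
        return "defender_rtp_disabled"
    if op == "RegSetValue" and RUN_KEY_RE.search(path):
        return "run_key_persistence"
    if op in ("RegEnumKey", "RegQueryValue") and UNINSTALL_RE.search(path):
        return "uninstall_enumeration"
    if op == "NetConnect":
        if f"{ev.get('DestIp')}:{ev.get('DestPort')}" in C2_SET:
            return "c2_connection"
    return None


def triage(lines):
    """Group rule hits by process: {process: sorted list of rule names}."""
    hits = defaultdict(set)
    for line in lines:
        ev = parse_event(line)
        rule = match_event(ev)
        if rule:
            hits[ev.get("Process", "?")].add(rule)
    return {proc: sorted(rules) for proc, rules in hits.items()}


def verdict(rules):
    """Uninstall-key enumeration alone is noise (installers and inventory
    agents do it), so it only counts as supporting evidence.  Any other
    single rule is suspicious; two distinct rules on one process is a strong
    match for the behaviour profile in the report."""
    if len(rules) >= 2:
        return "high"
    if any(r != "uninstall_enumeration" for r in rules):
        return "medium"
    return "low"


if __name__ == "__main__":
    for proc, rules in triage(SAMPLE_TELEMETRY).items():
        print(f"{verdict(rules):6} {proc}: {', '.join(rules)}")
```

The C2 match is deliberately on the full ip:port pair the report extracted; a connection to 83.97.73.127 on another port is worth a look but is not supported by this page as a RedLine indicator, so it is left out rather than scored. The per-process correlation in `verdict` is the part that matters in practice: the Uninstall-key lookup the report flags is common in benign software, and only becomes interesting next to a Run-key write, a Defender policy change or the C2 contact from the same process.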

MITRE ATT&CK Enterprise v6

Tasks