General

  • Target: b63e22026eb8524ae8981cd373e68451740afbd390ae31485c093a65a4a2396e
  • Size: 785KB
  • Sample: 230602-h8aygaad39
  • MD5: 2f80598e8d89643783e2568299a42f1e
  • SHA1: 45503ba5fc9c868624e28af22bc2959147cf2ccd
  • SHA256: b63e22026eb8524ae8981cd373e68451740afbd390ae31485c093a65a4a2396e
  • SHA512: 0aae387778307f58f64b648b772474b4aafe94b515981790658088497a723e9bbe377a1b3b3ea6133e112323ee9fa0eb718b1e5ab60be8b50965910dc7113b08
  • SSDEEP: 24576:RyrXYY8PANP5KzkQEM+obXKq8qHwCVFF/1PAQ:Ec4KzkQ+88qHxVFF/

Malware Config

Extracted

  • Family: redline
  • Botnet: dars
  • C2: 83.97.73.127:19045
  • Attributes
      • auth_value: 7cd208e6b6c927262304d5d4d88647fd

Extracted

  • Family: redline
  • Botnet: grom
  • C2: 83.97.73.127:19045
  • Attributes
      • auth_value: 2193aac8692a5e1ec66d9db9fa25ee00

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks