General

  • Target

    3bb9309ea01e24598cb555b871c272ca66c4aee40add0d7414da7cd0a6f95c8a

  • Size

    777KB

  • Sample

    230604-mwv54ace4v

  • MD5

    e83bd758975210ec7c2520130ad3f2f5

  • SHA1

    b901b562247d7e3b23009c0fe3d15fab27ac15bf

  • SHA256

    3bb9309ea01e24598cb555b871c272ca66c4aee40add0d7414da7cd0a6f95c8a

  • SHA512

    876d20254b0a03f11f6de8d2ee2e2219e143c7ef174009d195743898b64e96d8d42d551af3617fd347b4d811d7787c876fab3e22b1f3e318ed4ffc5432278df4

  • SSDEEP

    12288:qMr+y90th0ra/0X8KznOPDbL42qlk5ERKhBjjS+2fOk2gPxDPAO6sADtCI:4ydasMKzOz42qlGNjSzRZ8OG9

Malware Config

Extracted

  • Family

    redline

  • Botnet

    dusa

  • C2

    83.97.73.126:19046

  • Attributes

    auth_value: ee896466545fedf9de5406175fb82de5

Extracted

  • Family

    redline

  • Botnet

    brain

  • C2

    83.97.73.126:19046

  • Attributes

    auth_value: 5fb8269baadec0c49899b9a7a0c8851f

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext
