General

  • Target: 05200499.exe
  • Size: 580KB
  • Sample: 230604-xlcacadg9s
  • MD5: 4ec4e3c61d59d98c654bb9a2e5853000
  • SHA1: 29cebf9a339cfad22262e80c387ffcb874a5eb4e
  • SHA256: f4b092f5f134e9cfce7e29d2f9774092e408d8b20a619a63010872c24e1f8484
  • SHA512: 07afd2ed9bbfdf803e2aade5629fb71accefcd4ba419dbda9abdb51e0d0bdfbdf4449fb429bf501834729dcd70b120c3bb8f40b038ccf86c20ecd56ae5b2bfe9
  • SSDEEP: 12288:EMrpy90rQvZPEO1ia64hTVT0hTUtn85x/OXPcVNQCUkFMHGdHQ:NyHvBvTV9h8XmXkVW3Iw

Malware Config

Extracted

  • Family: redline
  • Botnet: diza
  • C2: 83.97.73.126:19046
  • Attributes
    • auth_value: 0d09b419c8bc967f91c68be4a17e92ee

Targets

    • Target: 05200499.exe
    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
