General

  • Target

    056deb6ec10027d86888638b8b2247b8.bin

  • Size

    365KB

  • Sample

    230605-lxbmeagc6y

  • MD5

    b1f7229d850402e18500f2c08aae08ac

  • SHA1

    951da5f1909f5dc4748d1128e85e695a72046ca9

  • SHA256

    ed7707860347ea07199de6d5fb4e25d6c7e059cf8b21e4b02d19a1db9a864569

  • SHA512

    89f0f8cadc9a8f1c90ce31f313706289b6c07b7439d8de6ef5c7c0c1ce5c40addd4bcf07c2f629fb85d30ae609d0fd78fb94cdd6767231b53a3694752e915dd0

  • SSDEEP

    6144:CwFQJNAQHwLaQnC1A0Roky9kL+xsxR1Qk7ej5kTqpOEBwXFx1CrPfDdWSnhRz5M/:AJLmaQC1A0pyls3v7esqp7WXv1CTfDd+

Malware Config

Extracted

Family

redline

Botnet

VEBO.01-06_TA

C2

50.114.39.71:10576

Attributes
  • auth_value

    8f9eccdbb2415cc019309e8058c956b4

Targets

    • Target

      15e26094676227ed93d5968badafe6f33ac17f77b9e91ef7ef86ee82d5a07821.exe

    • Size

      560KB

    • MD5

      056deb6ec10027d86888638b8b2247b8

    • SHA1

      98f36ae500e628dba667be3ec84b8023dfc37206

    • SHA256

      15e26094676227ed93d5968badafe6f33ac17f77b9e91ef7ef86ee82d5a07821

    • SHA512

      af067154ab0c0d6e537967f405da53aa3590229f0759382ba0602299eed7135928d683323c7dd68fb4aa4ab40bba55cc7c0440370cf2d70b2a4f22fc73927712

    • SSDEEP

      6144:u7dNSb0zoj6JITz7zEFjnhK4P4SShWYrmhUCTI6mK+kFSutrXy0IRHN7eifbwR:YP8fEFj8mOAF9VM0IRHN7ei8R

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • UAC bypass

    • Windows security bypass

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Sets service image path in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

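The signature list above names several registry-driven checks (VirtualBox Guest Additions, VMware Tools, BIOS strings, the Geo\Nation country code, EnableLUA, disk enumeration) plus two persistence writes (Run key, service ImagePath). The following Python is an added example, not tria.ge's signature engine and not RedLine's code: it maps registry events from a sandbox trace onto those signature names using the well-known registry locations each check reads or writes. The trace format ("<pid> <operation> <path>") and the TRACE lines are constructed for illustration and are not from this report.

```python
"""Map registry accesses from a sandbox trace onto the behaviours listed in
the report above (anti-VM checks, geofence lookup, UAC check, persistence).

Added example: this is not tria.ge's signature engine nor RedLine's code.
The registry locations are the well-known ones each check reads or writes;
the TRACE below is constructed for illustration and was not taken from the
report. Event format assumed: "<pid> <operation> <registry path>".
"""
import re
from collections import defaultdict

READ = {"regopenkey", "regqueryvalue", "regenumvalue"}
WRITE = {"regsetvalue", "regcreatekey"}

# (signature name as it appears in the report, operations, path pattern).
# Patterns run against the lower-cased, HKLM/HKCU-normalised path.
RULES = [
    ("Looks for VirtualBox Guest Additions in registry", READ,
     r"^hklm\\software\\(wow6432node\\)?oracle\\virtualbox guest additions(\\|$)"),
    ("Looks for VMWare Tools registry key", READ,
     r"^hklm\\software\\(wow6432node\\)?vmware, inc\.\\vmware tools(\\|$)"),
    ("Checks BIOS information in registry", READ,
     r"^hklm\\hardware\\description\\system(\\bios)?\\"
     r"(systembiosversion|videobiosversion|systemmanufacturer|systemproductname)$"),
    ("Checks computer location settings", READ,
     r"^hkcu\\control panel\\international\\geo\\(nation|name)$"),
    ("Checks whether UAC is enabled", READ,
     r"^hklm\\software\\microsoft\\windows\\currentversion\\policies\\system\\enablelua$"),
    ("Maps connected drives based on registry", READ,
     r"^hklm\\(system\\currentcontrolset\\services\\disk\\enum|hardware\\devicemap\\scsi)(\\|$)"),
    ("Adds Run key to start application", WRITE,
     r"^hk(lm|cu)\\software\\microsoft\\windows\\currentversion\\run\\[^\\]+$"),
    ("Sets service image path in registry", WRITE,
     r"^hklm\\system\\currentcontrolset\\services\\[^\\]+\\imagepath$"),
]
COMPILED = [(name, ops, re.compile(pat)) for name, ops, pat in RULES]

HIVES = {"hkey_local_machine": "hklm", "hkey_current_user": "hkcu"}


def normalise(path):
    """Lower-case the path and shorten long hive names so one pattern covers both."""
    path = path.strip().lower()
    hive, sep, rest = path.partition("\\")
    return HIVES.get(hive, hive) + sep + rest


def parse_event(line):
    """Split "<pid> <op> <path>" into its parts; the path may contain spaces."""
    pid, op, path = line.split(maxsplit=2)
    return int(pid), op.lower(), normalise(path)


def classify(trace):
    """Return {signature: [matching paths]} for every rule the trace triggers."""
    hits = defaultdict(list)
    for line in trace.strip().splitlines():
        if not line.strip():
            continue
        _, op, path = parse_event(line)
        for name, ops, pat in COMPILED:
            if op in ops and pat.search(path):
                hits[name].append(path)
                break  # first matching rule wins; rules are ordered most specific first
    return dict(hits)


# Constructed trace for a single process; illustrative only, not from the report.
TRACE = r"""
1188 RegQueryValue HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
1188 RegOpenKey HKEY_LOCAL_MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions
1188 RegOpenKey HKLM\SOFTWARE\VMware, Inc.\VMware Tools
1188 RegQueryValue HKCU\Control Panel\International\Geo\Nation
1188 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
1188 RegQueryValue HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum\0
1188 RegSetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater
1188 RegSetValue HKLM\SYSTEM\CurrentControlSet\Services\WinSvc\ImagePath
1188 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop
"""

if __name__ == "__main__":
    for name, paths in classify(TRACE).items():
        print(f"{name}: {len(paths)} event(s)")
```

The rules key on operation as well as path: reading Services\Disk\Enum is drive enumeration (anti-sandbox), while writing Services\<name>\ImagePath is persistence, so a read of the service tree alone does not trigger the ImagePath rule. Individually most of these reads are benign (installers and Explorer query BIOS and Geo values too); the signal on this page is the combination of several anti-VM lookups, a geofence check and persistence writes from one dropped process.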