General

  • Target

    01631899.exe

  • Size

    579KB

  • Sample

    230605-npt5wsgg6w

  • MD5

    e57bd800c2b9b6f8c5c3324fe024c3ae

  • SHA1

    b8fd5b38b20f8cfdf4a008cea73e16f67cf116b7

  • SHA256

    dc0c2afadac0b53ac6bd604a4975a2c67fc55a3e0db84b6f4b8c877035cf703e

  • SHA512

    391b238c2eae9d176f0d5ac48864574b8d53655b8901cde0411a16a76662e120a527d7d8755fa8529da9b3f7cfc0def1e35ea548ca1e0442577874a26a8ca4c6

  • SSDEEP

    12288:eMrUy90yhscc2tsay19JXhfeTrMYzNIJYZbUjqf1JU1us1sdl:Gyucrty19JXh2T4LwbQGJoLSD

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.126:19046

Attributes

  • auth_value

    0d09b419c8bc967f91c68be4a17e92ee

Targets

    • Target

      01631899.exe


    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks