General

  • Target

    cd826afdb55e07846e823db1f9d0544ac8f9b4d411223ef4b18038c7d9e34192

  • Size

    722KB

  • Sample

    230607-bgnxpagc47

  • MD5

    813a4b7101896c7ac66b652eaad4f888

  • SHA1

    68a78bee7a6d3fe2f34f949ab556b586806ff694

  • SHA256

    cd826afdb55e07846e823db1f9d0544ac8f9b4d411223ef4b18038c7d9e34192

  • SHA512

    da382775b5845f409cc2880939d8fea281b7927b60faeb3eb4c5989f192339d24f3fb5721d7b771a7fddd9b25465677b9df341714ec2b5105b56f0b82961dd8e

  • SSDEEP

    12288:kMrZy907WzVqfE8LjawR0vYjgpGyb1Wg9ijinXWRvpL4eGHQGFHxeW:tygWRWjaYqGyxzNEZmHQqHxeW

Malware Config

Extracted

  • Family

    redline

  • Botnet

    dasa

  • C2

    83.97.73.126:19048

  • Attributes

    • auth_value

      7eca6ed540c2dcd359aed5b67c4eda07

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext
