General

  • Target

    5d6b96d3b89efb4f72865341c5ed484fab742a181face0eaf7d642e002eebb93

  • Size

    206KB

  • Sample

    230607-p7wbcaag45

  • MD5

    73bc64c893ede2084d4fdc76ab3c0e0c

  • SHA1

    68f989f85916bba1d0ffb7708f1485374cf19bd6

  • SHA256

    5d6b96d3b89efb4f72865341c5ed484fab742a181face0eaf7d642e002eebb93

  • SHA512

    ae803509c8041cc7a113fd02d8d4e263db4ca153fecea953163fa77ab41540d4665fa0ba878a52ba6f52aaf6e610b505d0e45896eaa2a41c29b5a951f4e2231d

  • SSDEEP

    3072:meTRJ0kHbnpN23kQKp5XzutZXKGrpeN84LuZAIybiy3xEfbi:FTR2AnpN2wDurXBeBuZAIMEj

Malware Config

Extracted

  • Family

    redline

  • Botnet

    diza

  • C2

    83.97.73.129:19068

  • Attributes

    auth_value: 0d09b419c8bc967f91c68be4a17e92ee

Targets

    • Target

      5d6b96d3b89efb4f72865341c5ed484fab742a181face0eaf7d642e002eebb93

    • Size

      206KB

    • MD5

      73bc64c893ede2084d4fdc76ab3c0e0c

    • SHA1

      68f989f85916bba1d0ffb7708f1485374cf19bd6

    • SHA256

      5d6b96d3b89efb4f72865341c5ed484fab742a181face0eaf7d642e002eebb93

    • SHA512

      ae803509c8041cc7a113fd02d8d4e263db4ca153fecea953163fa77ab41540d4665fa0ba878a52ba6f52aaf6e610b505d0e45896eaa2a41c29b5a951f4e2231d

    • SSDEEP

      3072:meTRJ0kHbnpN23kQKp5XzutZXKGrpeN84LuZAIybiy3xEfbi:FTR2AnpN2wDurXBeBuZAIMEj

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks