General

  • Target

    panel.exe

  • Size

    16.4MB

  • Sample

    230823-ewcdzshf82

  • MD5

    1246b7d115005ce9fcc96848c5595d72

  • SHA1

    fa3777c7fe670cea2a4e8267945c3137091c64b5

  • SHA256

    f01393937f06be201400703d1dbfb35397c4a5162f16278ba9d9bb63ddcbcc78

  • SHA512

    5bf90904cf74a8c3775498578d856dd9f4837077928cd7ce24e4a6ccec00827bcfb28c2079498ba682a4f53204d7ad2bb8de2489005c429dc968e75e26d29101

  • SSDEEP

    393216:gyOsihmjY/uAKJkDk4x/aQsY3K/jRsBp:FOLhmjY/utek4x/aQsyKLuBp

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

127.0.0.1:1337 (loopback address: as configured, this build has no remotely reachable C2)

Targets

    • Target

      panel.exe

    • DcRat

      DarkCrystal (DCRat) is a .NET RAT, active since June 2019, that can load additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

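The "Process spawned unexpected child process" and "Deletes itself" signatures above are behavioural: they fire on process-creation telemetry rather than on file content. The following is an added example, not part of the Triage report and not Hatching's detection code, showing how the same two checks can be expressed over Sysmon-style process-creation events. The event field names, the parent/child application lists and the `cmd /c timeout ... & del <self>` self-deletion pattern are assumptions for illustration; the event records are constructed and are not taken from this sample's tasks.

```python
"""Added example (not from the Triage report): two behavioural checks over
constructed Sysmon Event ID 1-style process-creation records.

Assumptions (not from the report): the field names parent_image/image/
command_line/pid, the parent and child application lists, and the
'cmd /c timeout ... & del <self>' self-deletion pattern."""
import ntpath
import re

# Assumption: applications that should not normally start shells or script
# interpreters; a child like that usually means an exploit or a macro.
SUSPICIOUS_PARENTS = {
    "winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
    "acrord32.exe", "msedge.exe", "chrome.exe", "firefox.exe",
}
# Assumption: interpreters and LOLBins that are unexpected under those parents.
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe",
}


def exe_name(path: str) -> str:
    """Lower-cased image name from a Windows path (ntpath also works off-Windows)."""
    return ntpath.basename(path).lower()


def unexpected_child(event: dict) -> bool:
    """'Process spawned unexpected child process': shell/interpreter under an
    application that has no business launching one."""
    return (exe_name(event["parent_image"]) in SUSPICIOUS_PARENTS
            and exe_name(event["image"]) in SUSPICIOUS_CHILDREN)


def self_delete(event: dict) -> bool:
    """'Deletes itself': cmd.exe launched by a process whose command line runs
    `del` against the parent's own image name (assumed pattern)."""
    if exe_name(event["image"]) != "cmd.exe":
        return False
    parent = exe_name(event["parent_image"])
    cmd = event["command_line"].lower()
    return re.search(r"\bdel\b", cmd) is not None and parent in cmd


def scan(events: list) -> list:
    """Return (signature, pid) pairs for every event that trips a check."""
    hits = []
    for e in events:
        if unexpected_child(e):
            hits.append(("unexpected_child", e["pid"]))
        if self_delete(e):
            hits.append(("self_delete", e["pid"]))
    return hits


# Constructed records for illustration; not taken from this report's tasks.
EVENTS = [
    {"pid": 1001,
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\cmd.exe",
     "command_line": r"cmd.exe /c powershell -w hidden -enc SQBFAFgA"},
    {"pid": 1002,  # a user opening a shell from Explorer: benign
     "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "command_line": r"cmd.exe"},
    {"pid": 1003,  # dropped binary removing itself after a short delay
     "parent_image": r"C:\Users\Public\panel.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "command_line": r'cmd.exe /c timeout /t 3 & del "C:\Users\Public\panel.exe"'},
    {"pid": 1004,
     "parent_image": r"C:\Windows\System32\svchost.exe",
     "image": r"C:\Windows\System32\svchost.exe",
     "command_line": r"svchost.exe -k netsvcs"},
]

if __name__ == "__main__":
    for signature, pid in scan(EVENTS):
        print(f"{signature}: pid {pid}")
```

Both checks are deliberately narrow. The parent/child lists are the part a practitioner tunes per environment (a help desk that legitimately runs scripts from Outlook will need an exception), and the self-deletion check only catches the cmd.exe variant; a stealer that removes itself through a scheduled task or a second dropped binary needs a separate rule.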
MITRE ATT&CK Enterprise v15

Tasks