
General

  • Target: dbcd0bd3d290667882c1ab2dba469f61.exe
  • Size: 3.2MB
  • Sample: 231001-e64afsad99
  • MD5: dbcd0bd3d290667882c1ab2dba469f61
  • SHA1: 6a8392b6cc84d5fe11eebe5c7608017aec5fcdfc
  • SHA256: f36b1f58aebb51a74d55b774fb51849fb1668ef7c9915ac6da56d7d43fbf6782
  • SHA512: ee4185b58b124129d31f93e4c5152b236a4ab6ca1c340a6d09f200eba653f4a9908096fb72e241a1e38ff67bf71aae3e500490c1a798c44e55ac5d4d843fd83d
  • SSDEEP: 49152:DOpya1VuZQol8eADmnYviG3yqpuhhofJr37Qtcb7KD1licT6HQMb:Cpya1Vw2eADpvbyqpyhofpCcbSnIQ

Malware Config

Extracted

  • Family: redline
  • Botnet: seevpalpadin-930
  • C2: 38.181.25.43:3325
  • Attributes
    • auth_value: e6927db74f64e90a4b02f736972d9d7c

Targets

    • Target: dbcd0bd3d290667882c1ab2dba469f61.exe (hashes and size as listed under General)

    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
      BIOS information is often read in order to detect sandboxing environments.
    • Loads dropped DLL
    • Themida packer
      Detects Themida, an advanced Windows software protection system.
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
