
General

  • Target

    Setup.rar

  • Size

    206KB

  • Sample

    231119-dfbxvage95

  • MD5

    d6415f417cbe9041b6efbb14e2c4537a

  • SHA1

    a6b9d553124c438483680dd08b206534d8c94083

  • SHA256

    3bb135949a8fd9d074d8e503909f7dfd5295f96aa6f7145a3c3aa02b15000249

  • SHA512

    b899b4776798cbd83c89f9e30cf30c4872b114c7fce842827a0b99fdb66da1e71e3a3b14035f91620f0200d5d531cf61cfddc5da5c18c2176842a472e738f312

  • SSDEEP

    6144:6YNMvF1jdKC1e9IzoMigxkQWMGB27lfQbdZwK:AKNIkdP7MkOlfQbMK

Malware Config

Extracted

Family

redline

Botnet

@svberves4

C2

45.15.156.167:80

Targets

    • Target

      Setup.exe

    • Size

      275KB

    • MD5

      914caeec4642d8becc8edfbdc9020ce9

    • SHA1

      d29cf26f88326b12769babcc835fca89631aeb53

    • SHA256

      70d4cfde8899ce4beee159983e7d7d6ce2c08aa2ba4adc98ee47ac8743878e04

    • SHA512

      5a0250c762503180a2b7f06016b77bc52ec7940b740d8a22284bc914edb3f4261c75ab0e71c39f5b70ae70e9676bec6bb292d062f84cc5a4f91bb40915dea4da

    • SSDEEP

      3072:OCmjHS8yuBzlAjeK8SDSTRIeN10clwfC21Rzc7yFWQ3xGrcnSIZYR9cz24lK1:OnxsjeK8Pb1Nlwf51RlUrgm9cFK1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      data/cokl.dll

    • Size

      293.4MB

    • MD5

      99163c0d836ab3ace9001c1feb8ae4dc

    • SHA1

      a60f9d9defd233de381fa2010ca2ed5b8688e043

    • SHA256

      564980de5c436300d57e22df5a760a5411e8054c7da1b95ba888af659b7229dc

    • SHA512

      d68aab24374576e8e0870820f77331dfac98f90c5f32c20df51071c438be7690315f4d10f7b3a3039d2e10690e012e81f262a81b875d9e0fbc3d83b3592c226a

    • SSDEEP

      12:cRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR2:n

    Score
    1/10
    • Target

      data/jre.dll

    • Size

      293.4MB

    • MD5

      99163c0d836ab3ace9001c1feb8ae4dc

    • SHA1

      a60f9d9defd233de381fa2010ca2ed5b8688e043

    • SHA256

      564980de5c436300d57e22df5a760a5411e8054c7da1b95ba888af659b7229dc

    • SHA512

      d68aab24374576e8e0870820f77331dfac98f90c5f32c20df51071c438be7690315f4d10f7b3a3039d2e10690e012e81f262a81b875d9e0fbc3d83b3592c226a

    • SSDEEP

      12:cRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR2:n

    Score
    1/10
    • Target

      data/wers.dll

    • Size

      123.9MB

    • MD5

      9b2e2a36fe94f9b33c1e787b949ec402

    • SHA1

      1acbc06ed85a340ccaf91520f378d652ff4e5796

    • SHA256

      98d04d874c35b6ec8c6df774ec1d672b3b5e29fc264f42abbb1cb47a1143cab3

    • SHA512

      6555f9b256c9393b9fdd9fb99cfcbbcb057404d1f754f93bc2de236f3277fea9253b526ad8e97047738776df6a255dda8071206bf811986bda0648ba35b696bb

    • SSDEEP

      12:cRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRW:X

    Score
    1/10
    • Target

      dxsupport_episodic.dll

    • Size

      10.3MB

    • MD5

      26314302a85c3190f0c059aa386c5bbf

    • SHA1

      3c0bdef6fb521ff4d1647a807489c271c86e4b93

    • SHA256

      e897efb99efb9987bfec5dceafab6b8a88a1ed78735925f6a8b72366691af865

    • SHA512

      60f4ec429abaf386e3892ad45c51d0e530a48a709991c290d00309ac9b34d93f6196c8a4b67fa46c3851ccfaa4c2c18900fa85585edb59d14cef9ccf0b5d42c2

    • SSDEEP

      12:EZRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRQ:EQ

    Score
    1/10
    • Target

      inform.dll

    • Size

      6.7MB

    • MD5

      b2a2ac5c8d7ab1e64f92049ac6b620b5

    • SHA1

      e18793cc01c8206bb3095b0cc93d41a6e5239253

    • SHA256

      d5e180bd44b78907fd57c04b4a8185dba0892ec1fc3702202a06333067a92a46

    • SHA512

      2ed6c5f52235f857a379be03343fd617d510ffbb9772d5c51219fd020a296e66234d6966e1e579fe07a7f49c9182b83e65c866ca96bb3f1332532453a346d978

    • SSDEEP

      12:cRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRm:3

    Score
    1/10
    • Target

      wers.dll

    • Size

      293.4MB

    • MD5

      99163c0d836ab3ace9001c1feb8ae4dc

    • SHA1

      a60f9d9defd233de381fa2010ca2ed5b8688e043

    • SHA256

      564980de5c436300d57e22df5a760a5411e8054c7da1b95ba888af659b7229dc

    • SHA512

      d68aab24374576e8e0870820f77331dfac98f90c5f32c20df51071c438be7690315f4d10f7b3a3039d2e10690e012e81f262a81b875d9e0fbc3d83b3592c226a

    • SSDEEP

      12:cRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR2:n

    Score
    1/10

MITRE ATT&CK Enterprise v15
