General

  • Target: ac433314041327aeb4d7450aa1dd3424adaee403bee85a5f9c13c33d3f52bd45
  • Size: 524KB
  • Sample: 240711-earlsazdka
  • MD5: 314414416a999386720c50c282b81da5
  • SHA1: b650df3be276e186d44ef5858525cf013a107de5
  • SHA256: ac433314041327aeb4d7450aa1dd3424adaee403bee85a5f9c13c33d3f52bd45
  • SHA512: 441ce8f5df0235404a9ed3de2fe37319874a1d53b3d7eabe55cc458dd5117fab74ef8d33706f35364ad79db197ca91188a8ca1bf0951ca8b9064e4a6e129347f
  • SSDEEP: 12288:1aDzsi0+ATtjcqO5qOxhb1+Oe5VXcXiTkR:1aDDDABjcqOoO7b1+T5+h

Malware Config

Extracted

  • Family: redline
  • Botnet: cheat
  • C2: 185.222.57.74:55615

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
