General

  • Target

    BlackLauncher.exe

  • Size

    66.0MB

  • Sample

    240713-xq4v6atcjn

  • MD5

    9af3e6d9cde373f8f514fc69439c5cab

  • SHA1

    8349cdcfcdb3b081253e733b93e71f0e7c94d0ef

  • SHA256

    1d80f6a688af15e12116f444d8da85be020a3393aeaab885e4d0f8589ac23dc0

  • SHA512

    b66c9878cce829eea3467eaa8255f2752de8db2de33b8a525f2cbd886728a95d16173ed0132bc30e69da6a352952b437e1953ba84786ad3b178293abcce49550

  • SSDEEP

    393216:1qCKJWr646m8GH5y4SVFY+L/I5glN7tFL+fzqdqhuQjPLzXq:1qCKJWr36PGZpSVFh/aglNpg7jPq

Malware Config

Extracted

Family

redline

C2

185.196.9.26:6302
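The C2 address above is the only network indicator the report extracts from the RedLine configuration. The following is an added example, not part of the Triage report, showing how an analyst would hunt for that indicator in Zeek conn.log records. The column names are Zeek's default conn.log fields; the log lines are constructed for illustration and are not real traffic. A flow to the same host on a different port is still reported, at medium confidence, so that a port change on the operator's side does not silence the check.

```python
"""Hunt for the RedLine C2 from this report in Zeek conn.log records.

Added example (not part of the Triage report). The C2 host and port come
from the report's Malware Config; the log excerpt below is constructed for
illustration and is not real traffic.
"""
import ipaddress
from dataclasses import dataclass

# From the report's extracted RedLine configuration.
C2_HOST = "185.196.9.26"
C2_PORT = 6302

# Constructed Zeek conn.log excerpt (TSV with Zeek's default #fields header).
SAMPLE_CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes
1720872001.1\tC1aaaa\t10.0.0.15\t49712\t185.196.9.26\t6302\ttcp\t-\t12.4\t2048\t51200
1720872002.2\tC2bbbb\t10.0.0.15\t49713\t142.250.74.46\t443\ttcp\tssl\t0.9\t1500\t4000
1720872003.3\tC3cccc\t10.0.0.22\t50001\t185.196.9.26\t443\ttcp\t-\t3.1\t900\t1200
1720872004.4\tC4dddd\t10.0.0.15\t49714\t10.0.0.1\t53\tudp\tdns\t0.0\t60\t120
"""


@dataclass
class Hit:
    uid: str
    src: str
    dst: str
    dport: int
    confidence: str  # "high" for exact host:port, "medium" for host only


def parse_conn_log(text):
    """Yield one dict per record from a Zeek TSV conn.log, using its #fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split("\t")
        if fields is None or len(values) != len(fields):
            continue  # malformed record: skip rather than mis-assign columns
        yield dict(zip(fields, values))


def hunt_c2(text, host=C2_HOST, port=C2_PORT):
    """Return Hit objects for flows whose responder is the C2 host.

    Exact host:port is high confidence. The same host on another port is
    still reported, at medium confidence, so a port rotation on the
    operator's side does not silence the check.
    """
    target = ipaddress.ip_address(host)
    hits = []
    for row in parse_conn_log(text):
        try:
            dst = ipaddress.ip_address(row["id.resp_h"])
            dport = int(row["id.resp_p"])
        except (KeyError, ValueError):
            continue
        if dst != target:
            continue
        confidence = "high" if dport == port else "medium"
        hits.append(Hit(row["uid"], row["id.orig_h"], str(dst), dport, confidence))
    return hits


if __name__ == "__main__":
    for h in hunt_c2(SAMPLE_CONN_LOG):
        print(f"{h.confidence:6} {h.uid} {h.src} -> {h.dst}:{h.dport}")
```

To run this against real data, pass the contents of a conn.log file to hunt_c2(); the same host/port comparison applies to Sysmon Event ID 3 (DestinationIp, DestinationPort) or firewall logs once the fields are mapped.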

Targets

    • Target

      BlackLauncher.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU Monero miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.

    • Creates new service(s)

    • Downloads MZ/PE file

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
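"UPX packed file" is a static signature. The example below is added here and is not Triage's signature code; it shows the section-table checks such a verdict typically rests on. Stock UPX names its sections UPX0/UPX1 and carries a 4-byte "UPX!" PackHeader magic, while a build with renamed sections and a patched magic (the "modified UPX" case) still betrays itself by a first section with zero raw bytes and a large virtual size, which is the in-memory unpacking target. Header offsets follow the PE/COFF format; the three PE images are constructed by build_pe() for illustration and are not the report's sample.

```python
"""Section-table heuristics behind an "UPX packed file" verdict.

Added example for this report, not Triage's signature code. Header offsets
follow the PE/COFF specification; the three byte strings produced by
build_pe() are constructed stand-ins for a stock-UPX, a renamed-UPX and an
unpacked binary, not the sample from the report.
"""
import struct
from dataclasses import dataclass

SECTION_HDR = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes
COFF_HDR = "<HHIIIHH"         # IMAGE_FILE_HEADER, 20 bytes


@dataclass
class Section:
    name: str
    virtual_size: int
    virtual_address: int
    raw_size: int
    raw_pointer: int


def parse_sections(data: bytes) -> list:
    """Walk MZ -> e_lfanew -> "PE\0\0" -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    coff_off = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from(COFF_HDR, data, coff_off)
    table_off = coff_off + struct.calcsize(COFF_HDR) + opt_size
    sections = []
    for i in range(nsections):
        off = table_off + i * struct.calcsize(SECTION_HDR)
        if off + struct.calcsize(SECTION_HDR) > len(data):
            raise ValueError("section table truncated")
        name, vsize, va, rawsize, rawptr, *_ = struct.unpack_from(SECTION_HDR, data, off)
        sections.append(Section(name.rstrip(b"\x00").decode("latin-1"), vsize, va, rawsize, rawptr))
    return sections


def upx_indicators(data: bytes) -> list:
    """Return the reasons a file looks UPX-packed (empty list means no indicator).

    Stock UPX is caught by its section names and the "UPX!" PackHeader magic.
    Builds with renamed sections and a patched magic ("modified UPX") are
    caught by the layout heuristic: the first section has no raw data but a
    large virtual size, because it is only the in-memory unpacking target.
    """
    sections = parse_sections(data)
    names = [s.name for s in sections]
    reasons = []
    if any(n.upper().lstrip(".").startswith("UPX") for n in names):
        reasons.append("UPX section names: " + ", ".join(names))
    if b"UPX!" in data:
        reasons.append("UPX! PackHeader magic present")
    if (len(sections) >= 2 and sections[0].raw_size == 0
            and sections[0].virtual_size >= 0x1000 and sections[1].raw_size > 0):
        reasons.append(f"first section {names[0]!r} has 0 raw bytes but "
                       f"{sections[0].virtual_size:#x} virtual bytes")
    return reasons


def build_pe(sections, trailer=b"") -> bytes:
    """Construct a minimal PE32 image from (name, virtual_size, raw_size) tuples (test input only)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)  # 64 bytes, e_lfanew at 0x3C
    opt_size = 0xE0  # size of a PE32 optional header
    coff = struct.pack(COFF_HDR, 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\x00" * (opt_size - 2)  # PE32 magic, rest zeroed
    table, va, raw = b"", 0x1000, 0x400
    for name, vsize, rawsize in sections:
        table += struct.pack(SECTION_HDR, name.encode().ljust(8, b"\x00"),
                             vsize, va, rawsize, raw, 0, 0, 0, 0, 0xE0000040)
        va += (vsize + 0xFFF) & ~0xFFF
        raw += rawsize
    return dos + b"PE\x00\x00" + coff + opt + table + trailer


# Constructed inputs (not the report's sample).
STOCK_UPX = build_pe([("UPX0", 0x20000, 0), ("UPX1", 0x9000, 0x8800), (".rsrc", 0x1000, 0x400)],
                     trailer=b"UPX!\x0d\x16\x08\x0c")
RENAMED_UPX = build_pe([("abc0", 0x20000, 0), ("abc1", 0x9000, 0x8800), (".rsrc", 0x1000, 0x400)])
UNPACKED = build_pe([(".text", 0x5000, 0x5000), (".rdata", 0x2000, 0x2000), (".data", 0x1000, 0x400)])

if __name__ == "__main__":
    for label, blob in [("stock", STOCK_UPX), ("renamed", RENAMED_UPX), ("unpacked", UNPACKED)]:
        print(label, upx_indicators(blob) or ["no UPX indicators"])
```

The layout heuristic is what carries the "modified UPX" half of the signature: renaming sections and patching the magic is cheap, but the packer still needs an empty first section large enough to hold the decompressed image, so that shape survives most light obfuscation.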
