General

  • Target

    00979437b4cc7205495e3c756ee055d647617c0945a0a157ab5b7dde635eccce.bin

  • Size

    543KB

  • Sample

    230311-24va4abf87

  • MD5

    66541493e865ecb4987cd03ace809213

  • SHA1

    72db71fda9f0ce821c17e4039b76a32a94224e22

  • SHA256

    00979437b4cc7205495e3c756ee055d647617c0945a0a157ab5b7dde635eccce

  • SHA512

    87ba635fbf3a538e2db296f90c266972c1dc63e6f9e1e8577bcffa6ea3fe78a389b666140bc9cf75c7dfa54ed6a62fa9aab65850f8b2b19d32ce6aebd2d81b2b

  • SSDEEP

    12288:xMrey9025UmNm/TsBWwoxHUL8n7rfllLAekOWr0C7f4T9KM:LyP5UgB5oOYnllLA8WolR

Malware Config

Extracted

Family

redline

Botnet

rumfa

C2

193.233.20.24:4123

Attributes

  • auth_value

    749d02a6b4ef1fa2ad908e44ec2296dc

Targets

    • Target

      00979437b4cc7205495e3c756ee055d647617c0945a0a157ab5b7dde635eccce.bin

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks