General

  • Target

    b01a9d506ad1831cb2b1dda9422e1871517579bc0aabedd282385a6745e4dc45

  • Size

    1.4MB

  • Sample

    230502-nllpcacf8x

  • MD5

    fc52ef2abd7dc53e96a0d088d86262c6

  • SHA1

    68e1322297f8e8c334f2c01bef2f33ff6e9be97f

  • SHA256

    b01a9d506ad1831cb2b1dda9422e1871517579bc0aabedd282385a6745e4dc45

  • SHA512

    1a06cc690a15695bd91dba1bd42d378bc4ab766847168c1e21aace37ba4681dc58bc4bc046c1c3588b26fd1aace367725a6c396ca8f5043415aaf98168dbf532

  • SSDEEP

    24576:LyglBnknVcos43MaSTAL4rSYD0DYB9aDUIXpx04I4DcTqSoQGks7YoVhudigReHk:+glxe04tzDPM9aDx04I4Dc81ksEGh2bW

Malware Config

Extracted

Family

redline

Botnet

massa

C2

185.161.248.73:4164

Attributes

  • auth_value

    413bf908ab27d959c62bef532780f511

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks