General

  • Target

    14656a7f8c5a007bc00c2a48085f0c0c83b2e16616b046e5b223471c6db4e744

  • Size

    1.2MB

  • Sample

    230505-wr7g1aca27

  • MD5

    e6503e99a5ec0ec9c4b6ea542cce17ab

  • SHA1

    70a457aece1b398bdaeca23287308be4e2aa14ab

  • SHA256

    14656a7f8c5a007bc00c2a48085f0c0c83b2e16616b046e5b223471c6db4e744

  • SHA512

    daeb6385855070423785f96d9ac16790ecb2e7e4fc243851865387ac475ca30e4d6deec28a339c263e8e799936e09f670a7e440bcaf8da1d6f0405258453794b

  • SSDEEP

    24576:dy1G22qT4lPzFAXQSXX2cq3I0DWnJE1r8LxHlKPcnP4A:41PBMlbgv2caIKAqV8ZwP

Malware Config

Extracted

Family

redline

Botnet

lofa

C2

185.161.248.73:4164

Attributes

  • auth_value

    3442ba767c6a30cde747101942f34a3a

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application