General

  • Target: a3fa82924044e101e9afaed43d9fd6dc242a12fabbb60296cd8f231846578566
  • Size: 1.5MB
  • Sample: 230505-xflxlaeg83
  • MD5: c1ad9354ae7e8a733f9c12643554ed1c
  • SHA1: 419dc90e728e5fea52f28e5c5541873cb83b136f
  • SHA256: a3fa82924044e101e9afaed43d9fd6dc242a12fabbb60296cd8f231846578566
  • SHA512: 109e3090fb032c1ddd96ca705932b6fa73209a642fb5fada0b27ab9ede394f5b17bde4874da844f96456c8f53b590fa221b393692c671eb11c8c80734a64cb4d
  • SSDEEP: 49152:wL7b0i7Re4pCcKBuQeTZNxAbkOSqfnuATv0:2b0V4p/26T6bjPu7

Malware Config

Extracted

  • Family: redline
  • Botnet: maxbi
  • C2: 185.161.248.73:4164
  • Attributes
    • auth_value: 6aa7dba884fe45693dfa04c91440daef

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
