General

  • Target

    5f558071095f4f97f72828923886a14bab190c9ca85c42c5afc54893102d0d38

  • Size

    1.5MB

  • Sample

    230506-1279haba98

  • MD5

    3810e4d620629e89095d2024a5dd8f91

  • SHA1

    b14697dadf5bf56dad70d8bc3bd5ef6c1e35a63d

  • SHA256

    5f558071095f4f97f72828923886a14bab190c9ca85c42c5afc54893102d0d38

  • SHA512

    2280c3fd9da69c1d24e75a7460bb4df9377d693e9c8e368e45f01b2fc40bb594c58b4f0fb54ec17a853e3c46bdded390b78dcc32e74ac96b1d077a7f9c392399

  • SSDEEP

    49152:aEj3GmxrubgyTCBNRYr62Q5il/do5dGal:F9qbgmCKrnV/S5dxl

Malware Config

Extracted

Family

redline

Botnet

maxbi

C2

185.161.248.73:4164

Attributes

  • auth_value

    6aa7dba884fe45693dfa04c91440daef

Targets

    • Target

      5f558071095f4f97f72828923886a14bab190c9ca85c42c5afc54893102d0d38

    • Size

      1.5MB

    • MD5

      3810e4d620629e89095d2024a5dd8f91

    • SHA1

      b14697dadf5bf56dad70d8bc3bd5ef6c1e35a63d

    • SHA256

      5f558071095f4f97f72828923886a14bab190c9ca85c42c5afc54893102d0d38

    • SHA512

      2280c3fd9da69c1d24e75a7460bb4df9377d693e9c8e368e45f01b2fc40bb594c58b4f0fb54ec17a853e3c46bdded390b78dcc32e74ac96b1d077a7f9c392399

    • SSDEEP

      49152:aEj3GmxrubgyTCBNRYr62Q5il/do5dGal:F9qbgmCKrnV/S5dxl

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks