Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    3fceb187d5a1e155c96e225fbf5d511271f3c5c513276a86e341a9ed0cdb6bd7

  • Size

    1.2MB

  • Sample

    230506-1da9vsac51

  • MD5

    9cf7f51516771e62d4560302dfd9fed4

  • SHA1

    402f81d97740636dbd8e9d04d5e8d9a59ecd44f1

  • SHA256

    3fceb187d5a1e155c96e225fbf5d511271f3c5c513276a86e341a9ed0cdb6bd7

  • SHA512

    9235f7b74e7d3f6d1e8e7906ad66fd623dc9bc82f27a005ee63d8f55f0158cb95480ff99376ae711cd131d15b60a99e1b2b6a97e9afb147483a2723cbb77d8d6

  • SSDEEP

    24576:ky0NGasfqF5mdhzjdXLyTfokn98YoLSgBHIxmhUsmmsNMRf:zLasfLhzjFq2X9BuOUsCN

Malware Config

Extracted

Family

redline

Botnet

luna

C2

217.196.96.56:4138

Attributes
  • auth_value

    16dec8addb01db1c11c59667022ef7a2

Targets

    • Target

      3fceb187d5a1e155c96e225fbf5d511271f3c5c513276a86e341a9ed0cdb6bd7

    • Size

      1.2MB

    • MD5

      9cf7f51516771e62d4560302dfd9fed4

    • SHA1

      402f81d97740636dbd8e9d04d5e8d9a59ecd44f1

    • SHA256

      3fceb187d5a1e155c96e225fbf5d511271f3c5c513276a86e341a9ed0cdb6bd7

    • SHA512

      9235f7b74e7d3f6d1e8e7906ad66fd623dc9bc82f27a005ee63d8f55f0158cb95480ff99376ae711cd131d15b60a99e1b2b6a97e9afb147483a2723cbb77d8d6

    • SSDEEP

      24576:ky0NGasfqF5mdhzjdXLyTfokn98YoLSgBHIxmhUsmmsNMRf:zLasfLhzjFq2X9BuOUsCN

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks