General

  • Target

    005e9df4f61f779fb2ab062a91060b825e882dfc36978649260565d1f8f66427

  • Size

    1.4MB

  • Sample

    230506-ywswhscg3t

  • MD5

    36afbedc4aea6e680097c7134f721b05

  • SHA1

    681c0686d82b3050adcb1cda99ad79a3d46e23be

  • SHA256

    005e9df4f61f779fb2ab062a91060b825e882dfc36978649260565d1f8f66427

  • SHA512

    9b9ab7a650db6dc5ea5912e1527a41b87e254b4ea5f24adf149d4a4781263a218ae40ed0a409305f48dd23d49786a6dce8cc743edc0c879676b946be2ad99323

  • SSDEEP

    24576:byhhBvapvYX4O5uQNj8RCEC1NmBl2AQMwtuSZ6eY+0b99bTEQcgOg9VjPI855Y2:O5voO4Qd8RvC1NuwArhSZ6egb99bTPtP

Malware Config

Extracted

Family

redline

Botnet

massa

C2

185.161.248.73:4164

Attributes
  • auth_value

    413bf908ab27d959c62bef532780f511

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks