General

  • Target

    189ebb2509fb98fb6552421719c446efdf2daad510ed60c177fcc84112321ff6

  • Size

    1.4MB

  • Sample

    230506-zg2esaeh9t

  • MD5

    9d8e0505246513493a86f38902bc8031

  • SHA1

    1377b577ade57c286b91a997eda060619292f955

  • SHA256

    189ebb2509fb98fb6552421719c446efdf2daad510ed60c177fcc84112321ff6

  • SHA512

    2c762ccc36ea84633d1fda5402005e44c94731f50d4ba1e667b3a3abc8811ce597de2d7571733bed36802b7c87451b7da3190406d74435fa6f7be8b81a04bd0d

  • SSDEEP

    24576:oyIQPzlb1rycJtqz3EKaij5/gjn1Sn3wDcDEvJNAtMDBshzICNtz047i1vnBMrIy:vlPfrEpRN/gjMo02NrCvW5BFIrd

Malware Config

Extracted

Family

redline

Botnet

max

C2

185.161.248.73:4164

Attributes
  • auth_value

    efb1499709a5d08ed1ddf71cff71211f
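The hashes and the C2 endpoint above are the indicators a responder actually uses from this report. The Python below is an added example for this page (not tria.ge code and nothing from the sample): it compares a file's digests against the four listed, sweeps Zeek conn.log-style records for flows to 185.161.248.73:4164, and emits a Suricata rule for the C2. The REPORT values are copied from the page; the file bytes, the conn.log lines (including the 10.0.0.x and 93.184.216.34 addresses) and the rule's `sid` are constructed for illustration.

```python
"""Match the file and network indicators from the tria.ge report against local evidence.

Added example for this page, not code from tria.ge. REPORT is copied from the page;
the sample bytes and the Zeek-style conn.log lines are constructed.
"""
import hashlib

# Indicators as shown in the report (General / Malware Config sections).
REPORT = {
    "md5": "9d8e0505246513493a86f38902bc8031",
    "sha1": "1377b577ade57c286b91a997eda060619292f955",
    "sha256": "189ebb2509fb98fb6552421719c446efdf2daad510ed60c177fcc84112321ff6",
    "sha512": "2c762ccc36ea84633d1fda5402005e44c94731f50d4ba1e667b3a3abc8811ce597de2d7571733bed36802b7c87451b7da3190406d74435fa6f7be8b81a04bd0d",
    "c2_ip": "185.161.248.73",
    "c2_port": 4164,
    "botnet": "max",
}

# Constructed Zeek conn.log excerpt (tab-separated, default field order). Not real traffic.
CONSTRUCTED_CONN_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\n"
    "1683385200.101\tCxk3Ab1\t10.0.0.15\t49812\t185.161.248.73\t4164\ttcp\t-\t12.4\n"
    "1683385201.500\tCxk3Ab2\t10.0.0.15\t49813\t185.161.248.73\t443\ttcp\tssl\t0.2\n"
    "1683385202.900\tCxk3Ab3\t10.0.0.22\t51000\t93.184.216.34\t443\ttcp\tssl\t1.0\n"
)


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests tria.ge lists, so they can be compared field by field."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}


def verify_sample(data: bytes, report: dict = REPORT) -> dict:
    """Return {algorithm: matches_report}. Run this before detonating a file you believe is this sample."""
    actual = hash_bytes(data)
    return {alg: actual[alg] == report[alg] for alg in actual}


def find_c2_connections(conn_log_lines, ip: str, port=None) -> list:
    """Scan Zeek conn.log-style TSV lines for flows to the C2.

    port=None matches any destination port: the exact ip:port from the config is the
    high-confidence match, while an IP-only sweep catches a rebuilt sample on a new port.
    """
    hits = []
    for line in conn_log_lines:
        if not line.strip() or line.startswith("#"):  # skip header/separator lines
            continue
        fields = line.rstrip("\n").split("\t")
        ts, uid, orig_h, orig_p, resp_h, resp_p, proto = fields[:7]
        if resp_h == ip and (port is None or (resp_p.isdigit() and int(resp_p) == port)):
            hits.append({"ts": ts, "uid": uid, "src": f"{orig_h}:{orig_p}",
                         "dst": f"{resp_h}:{resp_p}", "proto": proto})
    return hits


def suricata_rule(ip: str, port: int, sid: int, botnet: str) -> str:
    """Emit an IDS rule for the C2. sid is an operator-chosen local-range value (assumption)."""
    return (f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"RedLine Stealer C2 (botnet {botnet}) {ip}:{port}"; '
            f'flow:to_server; classtype:trojan-activity; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    print(verify_sample(b"placeholder bytes, not the real sample"))
    for hit in find_c2_connections(CONSTRUCTED_CONN_LOG.splitlines(), REPORT["c2_ip"], REPORT["c2_port"]):
        print("C2 flow:", hit)
    print(suricata_rule(REPORT["c2_ip"], REPORT["c2_port"], 1000001, REPORT["botnet"]))
```

Replace the placeholder bytes with `open(path, "rb").read()` on the file you retrieved; all four digests must match before the file is treated as this sample. Matching on the IP alone is deliberately broader than the report's ip:port, so review IP-only hits for the destination port before escalating.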

Targets

    • Target

      189ebb2509fb98fb6552421719c446efdf2daad510ed60c177fcc84112321ff6

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
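Two of the behaviours listed, a Run key for persistence and changes to Windows Defender Real-time Protection settings, leave traces in the registry that can be checked on a suspect host from a `.reg` export. The Python below is an added example for this page, not tria.ge code: it parses the Windows Registry Editor 5.00 export format and flags Run/RunOnce entries and Real-Time Protection values set to 1. The export text, the `updater.exe` path and the OneDrive entry are constructed; the page does not name the file paths or value names this sample used, and the Defender value names come from the documented policy key, not from the report.

```python
"""Flag the Run-key persistence and Defender real-time tampering the report's signatures describe.

Added example for this page, not tria.ge code. It reads a Windows Registry Editor 5.00
export (.reg); the export below is constructed, and the paths in it are not from the sample.
"""
import re

# Key suffixes and value names to look for (compared case-insensitively).
RUN_KEY_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)
DEFENDER_RTP_SUFFIX = r"\windows defender\real-time protection"
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring", "disablebehaviormonitoring",
    "disableonaccessprotection", "disableioavprotection", "disablescanonrealtimeenable",
}
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

# Constructed .reg export. The OneDrive line is a benign-looking entry; the Updater line
# and the svc\updater.exe path are made up for illustration.
CONSTRUCTED_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\user\\AppData\\Roaming\\svc\\updater.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001
"DisableBehaviorMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000000
"""


def parse_reg_export(text: str):
    """Yield (key, value_name, raw_data) triples from a .reg export."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, m.group("name"), m.group("data")


def decode_reg_data(data: str) -> str:
    """Unescape a quoted REG_SZ literal (backslash escapes); other types are returned as-is."""
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return re.sub(r"\\(.)", r"\1", data[1:-1])
    return data


def triage_registry(text: str) -> list:
    """Return findings matching the 'Adds Run key' and 'Modifies Windows Defender
    Real-time Protection settings' behaviours. Every Run entry is reported, so diff
    against a known-good baseline rather than treating each hit as malicious."""
    findings = []
    for key, name, data in parse_reg_export(text):
        k = key.lower()
        if k.endswith(RUN_KEY_SUFFIXES):
            findings.append({"category": "persistence_run_key", "key": key,
                             "value": name, "data": decode_reg_data(data)})
        elif (k.endswith(DEFENDER_RTP_SUFFIX) and name.lower() in DEFENDER_RTP_VALUES
              and data.lower() == "dword:00000001"):
            findings.append({"category": "defender_realtime_tamper", "key": key,
                             "value": name, "data": data})
    return findings


if __name__ == "__main__":
    for f in triage_registry(CONSTRUCTED_REG_EXPORT):
        print(f"[{f['category']}] {f['key']} :: {f['value']} = {f['data']}")
```

On a live host, produce the export with `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg` (and the HKLM Run and Defender keys); `reg.exe` writes UTF-16LE, so open the file with `encoding="utf-16"` before passing its text to `triage_registry`. A value of 0 under the policy key is not flagged because it does not disable protection.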

MITRE ATT&CK Enterprise v6

Tasks