General

  • Target

    df99ffded671130a004acb37d537829c12c179679ec1f0c3d16d1332c5e08c95

  • Size

    491KB

  • Sample

    230508-b1rspaad31

  • MD5

    b69b22db3b1bd42061c0b43a8b4c56fd

  • SHA1

    04cb58877d703add816759bd83a5233590521115

  • SHA256

    df99ffded671130a004acb37d537829c12c179679ec1f0c3d16d1332c5e08c95

  • SHA512

    eb142a3f450edc1d8eccb94a3f7a76511b433eca05af691dc480fd2ea24ede9c9deedc406c7efda62408d6960ca9c874772187825cdca68264584ae1c31f95e8

  • SSDEEP

    6144:Kyy+bnr+op0yN90QE0zFFreWEQZC6Awc8ZZLtKl1JiIfRiV5Bykl2DK6ADkkpuzM:2MrUy90+Pkxwc8Zcr5iVqQ2fPjVh4

Malware Config

Extracted

  • Family

    redline

  • Botnet

    lipo

  • C2

    217.196.96.101:4132

  • Attributes

    • auth_value

      3183df2d03b17daa3c5ecc95e60086a5

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks