General

  • Target

    d6145f5d46faf2809cec9819624191c3740236e08e093c55ab3f4014ccc68828

  • Size

    305KB

  • Sample

    230519-hwkbdaee41

  • MD5

    fee4f2a8613a28fada7ebefdb5b211cc

  • SHA1

    4bc57126c80ff053d2fbad7bd4d0a23943364b43

  • SHA256

    d6145f5d46faf2809cec9819624191c3740236e08e093c55ab3f4014ccc68828

  • SHA512

    df883368a59c19e787f704ed8c593b3fb24547f62257903455f2bee5008b908af3bfca0ed1f51ec6baf243719d268abf62d7b131c13232bee9c30260b337efdf

  • SSDEEP

    6144:K6y+bnr+Pp0yN90QEQS/DXfmp3udzQTBmLqtlqcGQf3ot:CMrfy90fbXfBWTRsc3At

Malware Config

Extracted

  • Family

    redline

  • Botnet

    dolz

  • C2

    77.91.68.253:41783

  • Attributes

    • auth_value

      91a052e7685b96dcfc2defe95d9affb8

Targets

    • Target

      d6145f5d46faf2809cec9819624191c3740236e08e093c55ab3f4014ccc68828

    • Size

      305KB

    • MD5

      fee4f2a8613a28fada7ebefdb5b211cc

    • SHA1

      4bc57126c80ff053d2fbad7bd4d0a23943364b43

    • SHA256

      d6145f5d46faf2809cec9819624191c3740236e08e093c55ab3f4014ccc68828

    • SHA512

      df883368a59c19e787f704ed8c593b3fb24547f62257903455f2bee5008b908af3bfca0ed1f51ec6baf243719d268abf62d7b131c13232bee9c30260b337efdf

    • SSDEEP

      6144:K6y+bnr+Pp0yN90QEQS/DXfmp3udzQTBmLqtlqcGQf3ot:CMrfy90fbXfBWTRsc3At

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks