General

  • Target: 1faa9b3ba6ee5a123bba3cc2213b9b82c83da7c7fa664652a335558d455832ef
  • Size: 305KB
  • Sample: 230519-jp7zjacf96
  • MD5: 8505b9bef2a956942d7a02be6f697c7a
  • SHA1: 4eb49a3d5c123477590566fdf89bfac9d4aded30
  • SHA256: 1faa9b3ba6ee5a123bba3cc2213b9b82c83da7c7fa664652a335558d455832ef
  • SHA512: 9d13f2520170afda2e29088d7fafe878e080da29f0e9dcf85dcbcd294fe0d25db2e5b1ab7f3be417261dd3bcc7f38ec96dc384ce242ac59eb4761dee45d9843a
  • SSDEEP: 6144:Kby+bnr+Fp0yN90QE4S/DXfmp3udzQTBmLqtMqFYwtWphwJc:tMrZy90fbXfBWTRDC/phcc

Malware Config

Extracted

  • Family: redline
  • Botnet: mols
  • C2: 77.91.68.253:41783
  • Attributes
    • auth_value: a4802ffb2e6c2a918243481cbc165a32

Targets

    • Target: 1faa9b3ba6ee5a123bba3cc2213b9b82c83da7c7fa664652a335558d455832ef
    • Size: 305KB
    • MD5: 8505b9bef2a956942d7a02be6f697c7a
    • SHA1: 4eb49a3d5c123477590566fdf89bfac9d4aded30
    • SHA256: 1faa9b3ba6ee5a123bba3cc2213b9b82c83da7c7fa664652a335558d455832ef
    • SHA512: 9d13f2520170afda2e29088d7fafe878e080da29f0e9dcf85dcbcd294fe0d25db2e5b1ab7f3be417261dd3bcc7f38ec96dc384ce242ac59eb4761dee45d9843a
    • SSDEEP: 6144:Kby+bnr+Fp0yN90QE4S/DXfmp3udzQTBmLqtMqFYwtWphwJc:tMrZy90fbXfBWTRDC/phcc

    • Modifies Windows Defender Real-time Protection settings
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Executes dropped EXE
    • Windows security modification
    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks