Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    2454.exe

  • Size

    1.0MB

  • Sample

    230520-m4jf9see7s

  • MD5

    a2e3ada01f6c8ce8724a7903064f21ea

  • SHA1

    38199193c3d02408b937b32167e38bb9fae1c6f6

  • SHA256

    86f3a75d3c1fdb2c101a9fd830930f91254e0dd70a353007b0719abafbf22c25

  • SHA512

    72e0173bbf937ed30d6359c42f1489218d46695732f55504356f68ba94c179009829c8af004c4270e19954965faf75559aeb3f70f8e2e81cacd9993d59604bf9

  • SSDEEP

    24576:/yX0i0tabVsXRmBOmfeGxi5LsxZWk1GekCjGeKJ:KkikLXRMGGxiZkZNjtK

Malware Config

Extracted

Family

redline

Botnet

meren

C2

77.91.68.253:19065

Attributes
  • auth_value

    a26557b435e44b55fdd4708fbba97d21

Targets

    • Target

      2454.exe

    • Size

      1.0MB

    • MD5

      a2e3ada01f6c8ce8724a7903064f21ea

    • SHA1

      38199193c3d02408b937b32167e38bb9fae1c6f6

    • SHA256

      86f3a75d3c1fdb2c101a9fd830930f91254e0dd70a353007b0719abafbf22c25

    • SHA512

      72e0173bbf937ed30d6359c42f1489218d46695732f55504356f68ba94c179009829c8af004c4270e19954965faf75559aeb3f70f8e2e81cacd9993d59604bf9

    • SSDEEP

      24576:/yX0i0tabVsXRmBOmfeGxi5LsxZWk1GekCjGeKJ:KkikLXRMGGxiZkZNjtK

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks