General

  • Target

    5d9d698e7d2629d45dda24f9fc1d3f80fa992d9124d27f1a94f0d482f27e4f56

  • Size

    1.0MB

  • Sample

    230522-a2nxraga2y

  • MD5

    eefa3c3611778fd7e3c9e50fb4a02599

  • SHA1

    c0257047f8cbeb5e731f7bf43c350270b1bc6104

  • SHA256

    5d9d698e7d2629d45dda24f9fc1d3f80fa992d9124d27f1a94f0d482f27e4f56

  • SHA512

    301e0a93bcb975ce96760e0b658201e3324fea8312208187dd3b55a7abc60f3723a5e8b9c94523e97211db1c9f678f92ec388a243aeb9b8b7cf19741b0e515ce

  • SSDEEP

    24576:7yFrUBqRHEq5hIfxfojG7prIWTLQ4Poe:uFowdEqLIfgGVcW/3o

Malware Config

Extracted

  • Family

    redline

  • Botnet

    diza

  • C2

    185.161.248.37:4138

  • Attributes

    auth_value: 0d09b419c8bc967f91c68be4a17e92ee

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6