Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    62263263167.exe

  • Size

    1.0MB

  • Sample

    230522-mtgjxsfg66

  • MD5

    e7a5b9384e98d5824908250151350ab9

  • SHA1

    d8fa0e261190fe467a0f995ea374336ce4202d7e

  • SHA256

    399c54c2eee7682054160b286afb63afdf46995224531f4d2f13f68df90f865f

  • SHA512

    586d8b33547748c2c69b86888cde3a5290e75b453a0a5db8e6faf0b2d4e142782f7942cded609eb53003f2b002a516c5e0f1d75c01835fd20203a140b7cbcf77

  • SSDEEP

    24576:JyGzT/ZbdDh4h5kBqFR8jVNZKA2/LynKPxTj07uBhNupXCf:8UT/ZpD6h5qqFR8hI/yKPxc7u/4

Malware Config

Extracted

Family

redline

Botnet

mixa

C2

185.161.248.37:4138

Attributes
  • auth_value

    9d14534b25ac495ab25b59800acf3bb2

Targets

    • Target

      62263263167.exe

    • Size

      1.0MB

    • MD5

      e7a5b9384e98d5824908250151350ab9

    • SHA1

      d8fa0e261190fe467a0f995ea374336ce4202d7e

    • SHA256

      399c54c2eee7682054160b286afb63afdf46995224531f4d2f13f68df90f865f

    • SHA512

      586d8b33547748c2c69b86888cde3a5290e75b453a0a5db8e6faf0b2d4e142782f7942cded609eb53003f2b002a516c5e0f1d75c01835fd20203a140b7cbcf77

    • SSDEEP

      24576:JyGzT/ZbdDh4h5kBqFR8jVNZKA2/LynKPxTj07uBhNupXCf:8UT/ZpD6h5qqFR8hI/yKPxc7u/4

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks