General

  • Target: connector361.exe
  • Size: 1.0MB
  • Sample: 230522-mvrraafh29
  • MD5: 581026913ad722416f7644094188e68a
  • SHA1: df366a2268e5373f407e73fc80c7f694d31db551
  • SHA256: cb0d7efc51da225943743f0055cdf3584ad5d4f3a855150eb0bad8697e579433
  • SHA512: c3f316d248469d932bd10254eccc2f3f3a71f291bd8b068c857247c43ba6d5616672bdb317e404939381e6b1e2452243987b6c7e2205c75b87d29c99ed23b90c
  • SSDEEP: 24576:1yJAzsS6ggVpLLy2qFYDJi1se/qenD6ezp9sXp9G8iZvKwIe:QJLSiVpS2q2i1seCenuezQXiZv

Malware Config

Extracted

  • Family: redline
  • Botnet: diza
  • C2: 185.161.248.37:4138
  • Attributes
      • auth_value: 0d09b419c8bc967f91c68be4a17e92ee

Targets

    • Target: connector361.exe


    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks