Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    monitor230.exe

  • Size

    1022KB

  • Sample

    230522-mwdaaafh77

  • MD5

    8229a3450e17343b9cf2ea7492822875

  • SHA1

    7d8da8ce9d3a9c798517cb8dd92e20d6c687d029

  • SHA256

    f7eae242d988e333cddead1f113e0ee294582abb3140c2deba02ec4e53afa266

  • SHA512

    d4d6255ee5dd09cb3ceca750536d472c3d08701b909df6202ef9ae0b571d910ae66f76183bf158042138890964632820ea080fc52c6f91b8c56e0e0dd5d27a14

  • SSDEEP

    24576:5yvn3MnL7C/tLtLq/9Z34RBx1HBxNEm5ZzI6BicNC8Z:svncnXYZLqF94RBx1pEm5f9C8

Malware Config

Extracted

Family

redline

Botnet

luza

C2

185.161.248.37:4138

Attributes
  • auth_value

    1261701914d508e02e8b4f25d38bc7f9

Targets

    • Target

      monitor230.exe

    • Size

      1022KB

    • MD5

      8229a3450e17343b9cf2ea7492822875

    • SHA1

      7d8da8ce9d3a9c798517cb8dd92e20d6c687d029

    • SHA256

      f7eae242d988e333cddead1f113e0ee294582abb3140c2deba02ec4e53afa266

    • SHA512

      d4d6255ee5dd09cb3ceca750536d472c3d08701b909df6202ef9ae0b571d910ae66f76183bf158042138890964632820ea080fc52c6f91b8c56e0e0dd5d27a14

    • SSDEEP

      24576:5yvn3MnL7C/tLtLq/9Z34RBx1HBxNEm5ZzI6BicNC8Z:svncnXYZLqF94RBx1pEm5f9C8

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks