General

  • Target

    networking992.exe

  • Size

    1.0MB

  • Sample

    230522-mwgmpsfh82

  • MD5

    d95487f0e0bff3c3ab490116a194c958

  • SHA1

    665262a1ab5225e67a0a75d0d44bf93a7eb3a573

  • SHA256

    c9c89cfb3d3239dd2e0402da23caa0f803be818f8557bb568a09afab20285b7b

  • SHA512

    1bf424c7554b71a691fcdb6d6c13a5f30ced42659521582aa1a739a175b9aa5a595da8e8ef08911b8f9dbd7e75a5a6db61327555eef5df80e9a53a9f1fa0e2e3

  • SSDEEP

    24576:rycHy/2NUD8zFq6vYk2xNh6Le1bRnv2yg0iJnfQhA:ecSeNMgFq6ADxce1Myyhs

Malware Config

Extracted

Family

redline

Botnet

mixa

C2

185.161.248.37:4138

Attributes

  • auth_value

    9d14534b25ac495ab25b59800acf3bb2
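The extracted config above gives a single C2 endpoint, a botnet tag and an auth_value. The most direct use of that in detection is matching the endpoint against network connection logs. The following is an added example, not code from tria.ge or from the report; it copies only the C2 endpoint, botnet name and auth_value from the config above, and the conn.log records it scans are constructed here in Zeek's tab-separated layout (the timestamps, uids and internal addresses are made up). The `match_ip_only` switch is an assumption about operator behaviour (port rotation on a fixed host), not something the report states.

```python
"""Match the extracted RedLine config against connection logs.

Added example, not part of the tria.ge report. Values taken from the
report: the C2 endpoint 185.161.248.37:4138, botnet "mixa" and auth_value.
The log sample below is constructed in Zeek conn.log TSV layout.
"""
import ipaddress

# Extracted config, copied from the report above.
REDLINE_CONFIG = {
    "family": "redline",
    "botnet": "mixa",
    "c2": ["185.161.248.37:4138"],
    "auth_value": "9d14534b25ac495ab25b59800acf3bb2",
}

# Constructed Zeek conn.log records (tab separated), columns:
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
SAMPLE_CONN_LOG = """\
1684767600.101\tCabc1\t10.0.0.15\t49812\t185.161.248.37\t4138\ttcp
1684767601.220\tCabc2\t10.0.0.15\t49813\t142.250.74.78\t443\ttcp
1684767602.010\tCabc3\t10.0.0.22\t51000\t185.161.248.37\t80\ttcp
1684767603.500\tCabc4\t10.0.0.15\t49814\t185.161.248.37\t4138\ttcp
"""


def parse_c2(entries):
    """Turn 'host:port' strings into a set of (ip, port) tuples.

    Raises ValueError if the host is not an IP literal, so a malformed or
    hostname-based config entry is noticed instead of silently never matching.
    """
    out = set()
    for entry in entries:
        host, _, port = entry.rpartition(":")
        ipaddress.ip_address(host)  # validation only; raises on non-IP hosts
        out.add((host, int(port)))
    return out


def find_c2_connections(log_text, config, match_ip_only=False):
    """Return conn.log records whose destination is a configured C2.

    By default both IP and port must match the extracted config. With
    match_ip_only=True any port to a C2 IP is flagged (assumed useful when an
    operator rotates ports on a fixed host; this is not stated by the report).
    """
    c2 = parse_c2(config["c2"])
    c2_ips = {ip for ip, _ in c2}
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        ts, uid, orig_h, _orig_p, resp_h, resp_p, _proto = fields[:7]
        try:
            resp = (resp_h, int(resp_p))
        except ValueError:
            continue
        if resp in c2 or (match_ip_only and resp_h in c2_ips):
            hits.append({
                "ts": ts,
                "uid": uid,
                "src": orig_h,
                "dst": resp_h,
                "dport": resp[1],
                "family": config["family"],
                "botnet": config["botnet"],
            })
    return hits


if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_CONN_LOG, REDLINE_CONFIG):
        print(hit)
```

On the constructed sample the strict match returns the two records to 185.161.248.37:4138 and ignores the port 80 connection to the same host; enabling `match_ip_only` picks that one up as well. The auth_value is carried in the config but not used for network matching: it travels inside the bot's traffic, not in connection metadata.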

Targets

    • Target

      networking992.exe

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C#, first appearing in early 2020, that collects browser credentials, cookies and cryptocurrency wallet data and sends them to its configured C2.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks