General

  • Target

    3eb41edab78db1b73fe65e768c0936c1.bin

  • Size

    977KB

  • Sample

    230523-bm6ppaeb3x

  • MD5

    7873469010b81090ac4a8947d8a09306

  • SHA1

    a6b319b3677202a8ae1e83fb7d832025512b0ec0

  • SHA256

    e49f3e10d04def90bcd4bb4dc2106cf2161b13c5bb0073866ed2c8ef14dda1af

  • SHA512

    4ee3e82ed040108f8a5c6b1d68f9bc1528bf4f2929447a4d09a424b0a889ad63617099d06ea311ae5cd2b740a34039c50c2fca0d00470657dd065a261b0dcb45

  • SSDEEP

    24576:wwg8lUjTf/FR4sLHEl8gw3nZdAOwvQ7rjn5aFIVp:FlUHf/aegwXvAOgQ7/5a2j

Malware Config

Extracted

Family

redline

Botnet

luza

C2

185.161.248.37:4138

Attributes

  • auth_value

    1261701914d508e02e8b4f25d38bc7f9

Targets

    • Target

      eee2af8cb9fce696685e45f7f328963cfdce3ac4c1bc55775e46205b2b4ee333.exe

    • Size

      1021KB

    • MD5

      3eb41edab78db1b73fe65e768c0936c1

    • SHA1

      9e623ff0f9a010baf6ec0a845f610d366cd33155

    • SHA256

      eee2af8cb9fce696685e45f7f328963cfdce3ac4c1bc55775e46205b2b4ee333

    • SHA512

      51fef1595378fcf089d7343887e94b31648101e54fa20860297c3e51a58a05106fa7035b725fc08900fe5a3148cd3b276f1f5286b1c8cd9c2dfca9de9026bd8f

    • SSDEEP

      24576:Ay9lAduF8o5mmqZwcEEfjg3iuQJALUpU6uE7Hu:H9ofopqScEAg3IJsU9uE7H

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
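The hash sets and the extracted RedLine config above are the parts of this report an analyst actually reuses: to confirm that a file in hand is the same sample, and to turn the C2 into a detection. The following Python is an added worked example, not tria.ge's code or RedLine's; the only values in it are those printed in the report, plus a constructed byte string used to show a non-match. The function and rule names (`match_report`, `name_embeds_hash`, `suricata_rule`, the SID) are assumptions chosen for the example. It also shows one cross-check that follows from the report's own numbers: the outer `.bin` target is named after the MD5 of the inner `.exe` target, and the inner target is named after its own SHA256.

```python
"""Added example (not from the report): verify a local file against the
report's hash sets and emit indicators from the extracted RedLine config."""
import hashlib
import ipaddress
import os
from typing import Dict, Optional, Tuple

# Hash sets copied verbatim from the report; key = target filename as listed.
REPORT_TARGETS: Dict[str, Dict[str, str]] = {
    "3eb41edab78db1b73fe65e768c0936c1.bin": {
        "md5": "7873469010b81090ac4a8947d8a09306",
        "sha1": "a6b319b3677202a8ae1e83fb7d832025512b0ec0",
        "sha256": "e49f3e10d04def90bcd4bb4dc2106cf2161b13c5bb0073866ed2c8ef14dda1af",
        "sha512": "4ee3e82ed040108f8a5c6b1d68f9bc1528bf4f2929447a4d09a424b0a889ad63"
                  "617099d06ea311ae5cd2b740a34039c50c2fca0d00470657dd065a261b0dcb45",
    },
    "eee2af8cb9fce696685e45f7f328963cfdce3ac4c1bc55775e46205b2b4ee333.exe": {
        "md5": "3eb41edab78db1b73fe65e768c0936c1",
        "sha1": "9e623ff0f9a010baf6ec0a845f610d366cd33155",
        "sha256": "eee2af8cb9fce696685e45f7f328963cfdce3ac4c1bc55775e46205b2b4ee333",
        "sha512": "51fef1595378fcf089d7343887e94b31648101e54fa20860297c3e51a58a0510"
                  "6fa7035b725fc08900fe5a3148cd3b276f1f5286b1c8cd9c2dfca9de9026bd8f",
    },
}

# Extracted config copied verbatim from the report.
REDLINE_CONFIG: Dict[str, str] = {
    "family": "redline",
    "botnet": "luza",
    "c2": "185.161.248.37:4138",
    "auth_value": "1261701914d508e02e8b4f25d38bc7f9",
}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the same four digests the report lists for a blob."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def hash_file(path: str) -> Dict[str, str]:
    with open(path, "rb") as fh:
        return hash_bytes(fh.read())


def match_report(hashes: Dict[str, str]) -> Optional[str]:
    """Return the report target whose *entire* hash set matches, else None.
    Requiring every algorithm to agree means a single mistyped or colliding
    digest cannot produce a false 'same sample' verdict."""
    for name, listed in REPORT_TARGETS.items():
        if all(hashes.get(alg) == val for alg, val in listed.items()):
            return name
    return None


def name_embeds_hash(name: str, hashes: Dict[str, str]) -> Optional[str]:
    """Sandbox targets are often named after a digest. Return which digest
    in `hashes` the filename stem equals, or None."""
    stem = os.path.splitext(os.path.basename(name))[0].lower()
    for alg, val in hashes.items():
        if stem == val.lower():
            return alg
    return None


def parse_c2(c2: str) -> Tuple[str, int]:
    """Split 'host:port' from the config and validate both parts."""
    host, port_s = c2.rsplit(":", 1)
    ipaddress.ip_address(host)          # raises ValueError on a bad address
    port = int(port_s)
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    return host, port


def suricata_rule(config: Dict[str, str], sid: int) -> str:
    """Render a Suricata rule for the C2 (sid is an assumed local value)."""
    host, port = parse_c2(config["c2"])
    return (f"alert tcp $HOME_NET any -> {host} {port} "
            f"(msg:\"{config['family']} C2 botnet={config['botnet']}\"; "
            f"flow:to_server; sid:{sid}; rev:1;)")


if __name__ == "__main__":
    inner = "eee2af8cb9fce696685e45f7f328963cfdce3ac4c1bc55775e46205b2b4ee333.exe"
    # The outer .bin is named after the inner .exe's MD5; the inner .exe after its own SHA256.
    print(name_embeds_hash("3eb41edab78db1b73fe65e768c0936c1.bin", REPORT_TARGETS[inner]))
    print(name_embeds_hash(inner, REPORT_TARGETS[inner]))
    print(match_report(hash_bytes(b"constructed, not the sample")))  # None
    print(suricata_rule(REDLINE_CONFIG, sid=1000001))
```

Run `hash_file(path)` on a suspected copy and pass the result to `match_report`; anything other than one of the two listed target names means the file is not byte-identical to what tria.ge analysed, even if one digest happens to line up. The rule is a starting point only: RedLine C2 infrastructure rotates, so the IP:port pair is a short-lived indicator compared with the `auth_value` and botnet name, which identify the operator's build.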

MITRE ATT&CK Enterprise v6

Tasks