General

  • Target: 065b784363d993986c4c51237186852169687edc211a97b12ef85363b3cf441b
  • Size: 768KB
  • Sample: 230525-vqng3aca9x
  • MD5: 03eef5c43d723df62024cac843000416
  • SHA1: cf15e5f75af1c6467a22cf6876fe4a1c5c164889
  • SHA256: 065b784363d993986c4c51237186852169687edc211a97b12ef85363b3cf441b
  • SHA512: 0d84fc6489cbb82dc12d8f87df6180db9d5d1f059b220c7b874572722f8338ced97a06e2c2e30633c34c4092f4ceb9dc3d1d389f22938f5e852bfdbd1c3fce27
  • SSDEEP: 12288:eMrjy90jG3wDvLmWiwOhyNTFecDc0a3hrKUIO8G9dcPNi5mVDQ+Q+fUavc2bW1ER:tygytwXvjipI1G9ePN/DQj+8h2bDp

Malware Config

Extracted

  • Family: redline
  • Botnet: mina
  • C2: 83.97.73.122:19062
  • Attributes
    • auth_value: 3d04bf4b8ba2a11c4dcf9df0e388fa05

Targets

    • Target: 065b784363d993986c4c51237186852169687edc211a97b12ef85363b3cf441b
    • Size: 768KB
    • MD5: 03eef5c43d723df62024cac843000416
    • SHA1: cf15e5f75af1c6467a22cf6876fe4a1c5c164889
    • SHA256: 065b784363d993986c4c51237186852169687edc211a97b12ef85363b3cf441b
    • SHA512: 0d84fc6489cbb82dc12d8f87df6180db9d5d1f059b220c7b874572722f8338ced97a06e2c2e30633c34c4092f4ceb9dc3d1d389f22938f5e852bfdbd1c3fce27
    • SSDEEP: 12288:eMrjy90jG3wDvLmWiwOhyNTFecDc0a3hrKUIO8G9dcPNi5mVDQ+Q+fUavc2bW1ER:tygytwXvjipI1G9ePN/DQj+8h2bDp

    Signatures:
    • Modifies Windows Defender Real-time Protection settings
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Executes dropped EXE
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks
