General

  • Target

    6bf4e6d596ed0c41732633c83e2241afb32e9cff426df3b8fc0801ae49e2d6c5

  • Size

    767KB

  • Sample

    230525-vxkpracb3z

  • MD5

    d08d676a65ed68fc37a910f69eafc970

  • SHA1

    80777e40806a2fe8fc9c7b442179acff8b051d5b

  • SHA256

    6bf4e6d596ed0c41732633c83e2241afb32e9cff426df3b8fc0801ae49e2d6c5

  • SHA512

    2abb353a67fda44179785b2f6c4a2c165c0661ab06c28391f2efaeaf34e66c2e83fb566f665d8dc7c045b098cd4add44c7dda7d941266244b2cc5cfc7f0b7b86

  • SSDEEP

    12288:kMrKy90tZELCu/9wmqlYbeelEkEhESAtCh4t2pCOp/Sfnv+P3m+f3avaw4WhE88H:uyyZ6999qmbZFSWCqtw/Sfnvc2+PTw4p

Malware Config

Extracted

  • Family

    redline

  • Botnet

    mina

  • C2

    83.97.73.122:19062

  • Attributes

    auth_value: 3d04bf4b8ba2a11c4dcf9df0e388fa05

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6