General

  • Target

    60c7192fb5c1d846f9253e2e9f95effc17796d3b4aefadbafb6e1d58c6fbcd6d

  • Size

    580KB

  • Sample

    230605-fah53seh27

  • MD5

    b8ea97b93a25d8e5b7f00124759191e2

  • SHA1

    855ff954a752af12f0f00d88ee14635e08b4cb7d

  • SHA256

    60c7192fb5c1d846f9253e2e9f95effc17796d3b4aefadbafb6e1d58c6fbcd6d

  • SHA512

    a16f768acd7b035db2833fb89a973b3e6835705691a6fbedb44bad4d92597f9b0f74e3e8a96b85189e2d62124f6e8de853e47d28f72ffbb146a21aa2e1f50ee9

  • SSDEEP

    12288:UMrty907iSOnjAuQN8q13s0uhiKmSuGIQ3If6EtVYfRail+Z3pQOywF:xyYif8N9s0uhiK7JIQ+bYkb/B

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.126:19046

Attributes
  • auth_value

    0d09b419c8bc967f91c68be4a17e92ee
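Two checks a practitioner makes with the extracted config and the hashes above, as an added Python example that is not part of the Triage report: confirm that a file on disk really is this sample before detonating or sharing it (all four digests compared, not just MD5), and search connection logs for the extracted C2 endpoint. The hashes and the C2 string are copied from the report; the connection-log format, the log lines and the candidate bytes are constructed for illustration and do not come from any real product.

```python
"""Added example: verify a file against this report's hashes and hunt for the
extracted RedLine C2 in connection logs. Indicator values are copied from the
report; the log format and all log lines below are constructed."""
import hashlib
import re

# Digests and C2 exactly as listed in the report.
REPORT_HASHES = {
    "md5": "b8ea97b93a25d8e5b7f00124759191e2",
    "sha1": "855ff954a752af12f0f00d88ee14635e08b4cb7d",
    "sha256": "60c7192fb5c1d846f9253e2e9f95effc17796d3b4aefadbafb6e1d58c6fbcd6d",
    "sha512": "a16f768acd7b035db2833fb89a973b3e6835705691a6fbedb44bad4d92597f9b"
              "0f74e3e8a96b85189e2d62124f6e8de853e47d28f72ffbb146a21aa2e1f50ee9",
}
C2 = "83.97.73.126:19046"


def hash_bytes(data):
    """Compute every digest the report lists so all four can be compared at once."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def verify_sample(data, expected=REPORT_HASHES):
    """Return {algo: matched} for a candidate file's bytes.

    A repacked or patched sample differs in every digest, so a partial match
    (e.g. MD5 equal, SHA-256 not) is itself a signal that something is off.
    """
    computed = hash_bytes(data)
    return {algo: computed[algo] == expected[algo].lower() for algo in expected}


def parse_c2(c2):
    """Split the report's 'host:port' string; rpartition tolerates IPv6 literals."""
    host, _, port = c2.rpartition(":")
    return host, int(port)


# Constructed connection-log format (not any real product's format):
#   <timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>
CONN_LINE = re.compile(
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)"
)

SAMPLE_CONN_LOG = [  # constructed sample input; 203.0.113.0/24 is a documentation range
    "2023-06-05T05:01:10Z 10.0.0.15:49810 -> 203.0.113.5:443 tcp",
    "2023-06-05T05:01:12Z 10.0.0.15:49812 -> 83.97.73.126:19046 tcp",  # C2 beacon
    "2023-06-05T05:01:13Z 10.0.0.15:49813 -> 83.97.73.126:80 tcp",     # same host, other port
    "2023-06-05T05:01:15Z 10.0.0.22:51000 -> 10.0.0.1:53 udp",
]


def find_c2_connections(log_lines, c2=C2):
    """Return the log lines whose destination is exactly the C2 host and port.

    Matching host and port together keeps traffic to the same IP on another
    port from firing; pass a host-only indicator (e.g. '83.97.73.126:0') and
    relax the port test when hunting after the operator rotates ports.
    """
    host, port = parse_c2(c2)
    hits = []
    for line in log_lines:
        m = CONN_LINE.search(line)
        if m and m["dst"] == host and int(m["dport"]) == port:
            hits.append(line)
    return hits


if __name__ == "__main__":
    print(verify_sample(b"constructed bytes, not the sample"))
    for hit in find_c2_connections(SAMPLE_CONN_LOG):
        print("C2 contact:", hit)
```

Treat the IP:port pair as a short-lived indicator: RedLine panels move between hosts and ports often, so the `auth_value` and botnet name above are usually better pivots for clustering than the socket address itself.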

Targets

    • Target

      60c7192fb5c1d846f9253e2e9f95effc17796d3b4aefadbafb6e1d58c6fbcd6d

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
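The two registry-based signatures in this list, "Adds Run key to start application" and "Modifies Windows Defender Real-time Protection settings", map to writes under well-known keys that a host-based detection can watch for. The following is an added Python example, not part of the Triage report, that classifies Sysmon Event ID 13 (RegistryEvent, value set) records against those locations. The registry paths and value names are the real Windows locations the signatures refer to; the event records, the image paths and the user SID are constructed, and the `DWORD (0x00000001)` rendering of the `Details` field follows how Sysmon formats DWORD values.

```python
"""Added example: detect the registry behaviour behind this report's
'Adds Run key' and 'Modifies Windows Defender Real-time Protection settings'
signatures in Sysmon Event ID 13 records. Events below are constructed."""
import re

# Autostart entries: HKCU/HKLM\Software\Microsoft\Windows\CurrentVersion\Run (and RunOnce).
# Sysmon renders HKCU paths as HKU\<SID>\..., so the pattern anchors on the tail only.
RUN_KEY = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\[^\\]+$", re.IGNORECASE
)

# Defender real-time protection switches, under either the Policies hive or the product hive.
DEFENDER_RTP = re.compile(
    r"\\Windows Defender\\Real-Time Protection\\(?P<value>[^\\]+)$", re.IGNORECASE
)
RTP_DISABLE_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableIOAVProtection",
    "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
}
DWORD_DETAILS = re.compile(r"DWORD \(0x(?P<hex>[0-9a-f]{8})\)", re.IGNORECASE)


def dword_value(details):
    """Parse Sysmon's 'DWORD (0x00000001)' rendering; None if the value is not a DWORD."""
    m = DWORD_DETAILS.fullmatch(details.strip())
    return int(m["hex"], 16) if m else None


def classify_registry_event(event):
    """Return tags for one Sysmon EID 13 record (dict with TargetObject and Details)."""
    if event.get("EventID") != 13:
        return []
    target = event.get("TargetObject", "")
    tags = []
    if RUN_KEY.search(target):
        tags.append("persistence:run_key")
    m = DEFENDER_RTP.search(target)
    if m and m["value"] in RTP_DISABLE_VALUES:
        # Only a non-zero DWORD turns protection off; a write of 0 re-enables it
        # and must not be flagged as tampering.
        if dword_value(event.get("Details", "")):
            tags.append("defense_evasion:defender_rtp_disabled")
    return tags


def scan_events(events):
    """Return (index, tags) for every event that matched at least one rule."""
    findings = []
    for i, ev in enumerate(events):
        tags = classify_registry_event(ev)
        if tags:
            findings.append((i, tags))
    return findings


SAMPLE_EVENTS = [  # constructed; image paths and the SID are placeholders
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\dropped",
     "Details": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",  # protection being re-enabled
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",  # unrelated CurrentVersion write
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for index, tags in scan_events(SAMPLE_EVENTS):
        print(index, SAMPLE_EVENTS[index]["Image"], tags)
```

The Run-key rule fires on legitimate installers too, so in production it is paired with an allowlist of signed images or a check that the `Details` path points into a user-writable directory such as `%TEMP%`, which is where the "Executes dropped EXE" signature above places this sample's payload.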

MITRE ATT&CK Enterprise v6

Tasks