General

  • Target

    5b5fd8f37a036d8323fd02dbd8ae21ba233d591ed2e45dac8ce887bd505e2cf6

  • Size

    580KB

  • Sample

    230605-hvysdafg8x

  • MD5

    b4518646701999e56883fbcbdf1eb9e8

  • SHA1

    3e2cf8d26b5a9cb4e7224617ad9a12bea2921b4c

  • SHA256

    5b5fd8f37a036d8323fd02dbd8ae21ba233d591ed2e45dac8ce887bd505e2cf6

  • SHA512

    042f7e57c1477aaafabb7bd3ccd41ba787f65bbd544ff06517290db7bbffef803a9e5839e6d8cd4c78238e1681a078a08261fe675d59205cbac685f768d1588f

  • SSDEEP

    12288:FMrOy90sSi8E2Qwi8YupgdaZLdHssxTH9i3USAs:nyLJLwi8YE0aZLdHsQk3t

Malware Config

Extracted

  • Family

    redline

  • Botnet

    diza

  • C2

    83.97.73.126:19046

  • Attributes

    auth_value: 0d09b419c8bc967f91c68be4a17e92ee

Targets

    • Target

      5b5fd8f37a036d8323fd02dbd8ae21ba233d591ed2e45dac8ce887bd505e2cf6

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks