General

  • Target

    aa96fcd06ef78f9ccb75fac2386b86b1a6c181c203151fb92fcdd45b8ddbe359

  • Size

    580KB

  • Sample

    230605-r9r3tahc28

  • MD5

    e59ba44ba2941b99c5da7513f08d4991

  • SHA1

    21947e8b542b130670fcd4ec8df9aaa3e500dd22

  • SHA256

    aa96fcd06ef78f9ccb75fac2386b86b1a6c181c203151fb92fcdd45b8ddbe359

  • SHA512

    1a20c2e491f07e6b474b98de496fb8550104e2dc1b9c8aa01bdf78a7832299daae33010a046f6837703f018d69b6e4dc9a352a53bc3fb526df43cd4d07313417

  • SSDEEP

    12288:MMr0y90MdBxzybhOIdI3k0wr7dZb8QOdq1/Pbjf1eYt06v:wyNdPzwhOIS3Hwnvb8hdq1H1tZv

Malware Config

Extracted

  • Family

    redline

  • Botnet

    diza

  • C2

    83.97.73.126:19048

  • Attributes

    auth_value: 0d09b419c8bc967f91c68be4a17e92ee

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
