Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    bf60735c103200ff92353a4109190972b95a0be61b66c7b8ba45037e978e7061

  • Size

    584KB

  • Sample

    230606-ehpgdsce41

  • MD5

    50d4f953915a8905644fff33f3c5d93d

  • SHA1

    293b4f1218cc602258bbfe4a31b26134e2030619

  • SHA256

    bf60735c103200ff92353a4109190972b95a0be61b66c7b8ba45037e978e7061

  • SHA512

    7034becfdcae0d1d635f329c84f3c8cc2ecfff09a46ce1fbc4b155fa8b06418a36ab9a1ba22ccb3ef3f83a8b5903ea237f7a7a61d64c7f3344425a4f935a8642

  • SSDEEP

    12288:gMrOy90SQldGhVwqYRwArrB9ZFjQ8P2FouPTyRRIhrtP8qhHspQo:+yeldQXHq9dju+HI/Xyao

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.126:19048

Attributes
  • auth_value

    0d09b419c8bc967f91c68be4a17e92ee

Targets

    • Target

      bf60735c103200ff92353a4109190972b95a0be61b66c7b8ba45037e978e7061

    • Size

      584KB

    • MD5

      50d4f953915a8905644fff33f3c5d93d

    • SHA1

      293b4f1218cc602258bbfe4a31b26134e2030619

    • SHA256

      bf60735c103200ff92353a4109190972b95a0be61b66c7b8ba45037e978e7061

    • SHA512

      7034becfdcae0d1d635f329c84f3c8cc2ecfff09a46ce1fbc4b155fa8b06418a36ab9a1ba22ccb3ef3f83a8b5903ea237f7a7a61d64c7f3344425a4f935a8642

    • SSDEEP

      12288:gMrOy90SQldGhVwqYRwArrB9ZFjQ8P2FouPTyRRIhrtP8qhHspQo:+yeldQXHq9dju+HI/Xyao

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks