General

  • Target

    3ff1c62ec3950b969a4d744d73e4e7be76383467c51cd85f7120208791fbe418

  • Size

    891KB

  • Sample

    230820-ewtchadc87

  • MD5

    ec18c7ffab3f686f933f7944183c43bc

  • SHA1

    ac0654feb53d3b7a209907464207fa0fd1db7d51

  • SHA256

    3ff1c62ec3950b969a4d744d73e4e7be76383467c51cd85f7120208791fbe418

  • SHA512

    f6c0bfedfdf2c1e3dbf55b75895b4b5ef9b9b4566a67bab2256b63666b3f071f2e9f6704e563c92b4210313bc42cf81521bc9ae9699f55acbdd2c446787b84c8

  • SSDEEP

    24576:dycvvhozeRkzul7kz84WJnWVtIy3SpmyZ0i38:4QYzFzsWfI2VyWi

Malware Config

Extracted

Family

redline

Botnet

jonka

C2

77.91.124.73:19071

Attributes

  • auth_value

    c95bc30cd252fa6dff2a19fd78bfab4e

Targets

    • Target

      3ff1c62ec3950b969a4d744d73e4e7be76383467c51cd85f7120208791fbe418

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
