General

  • Target: b249c5a0b1ee99e3060f19afdea7d28713c987ff458a27856e10a43567733f86
  • Size: 890KB
  • Sample: 230820-gy2srsfb6s
  • MD5: 4509d508c7b4caef11ae0774406fe581
  • SHA1: c75b89d4b2d895a2f260e5b0e545d9442e65736a
  • SHA256: b249c5a0b1ee99e3060f19afdea7d28713c987ff458a27856e10a43567733f86
  • SHA512: cca366cae7c2994db3d0688cc54ffdc5565fa1fb32a1600aac1e20b1811001cb158f9bfe2a72aefe511009761d915c9c74a90a1f8a6e28112b52f16e31f791e9
  • SSDEEP: 24576:nyPfNFFFsIgYsS+tWFqysZH9zsSb9CvYQkVp:yPfNSYGAFDsZdz7b9C3

Malware Config

Extracted

  • Family: redline
  • Botnet: jonka
  • C2: 77.91.124.73:19071
  • Attributes
    • auth_value: c95bc30cd252fa6dff2a19fd78bfab4e

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks