Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    09e148a390e7e504a16b68177f076a9c7f0b7b3bddb34d319a7a534a7ba0aed1

  • Size

    823KB

  • Sample

    230821-efkqesaf83

  • MD5

    518f0ed5a5fb0affd243f17820ff9daf

  • SHA1

    713884f771ed469091f0ff492d993c55ac04cac4

  • SHA256

    09e148a390e7e504a16b68177f076a9c7f0b7b3bddb34d319a7a534a7ba0aed1

  • SHA512

    1ad6ab6dcf99b4aa6bed4c87e76c1bb0cd63efa848c5e1a1ce432a2f07275db137654822ba57328320b5771354e2184c8ad0b8cf37773633353ea7bae83610c0

  • SSDEEP

    12288:dMrHy90GYbFfNluw400uhhOjSjuQNv6tBKJyCZiUOK1oab2KK6gVDAFI90:KyfAQR0R0jypCBmytUZ1B2lrDAFI90

Malware Config

Extracted

Family

redline

Botnet

chang

C2

77.91.124.73:19071

Attributes
  • auth_value

    92b880db64e691d6bb290d1536ce7688

Targets

    • Target

      09e148a390e7e504a16b68177f076a9c7f0b7b3bddb34d319a7a534a7ba0aed1

    • Size

      823KB

    • MD5

      518f0ed5a5fb0affd243f17820ff9daf

    • SHA1

      713884f771ed469091f0ff492d993c55ac04cac4

    • SHA256

      09e148a390e7e504a16b68177f076a9c7f0b7b3bddb34d319a7a534a7ba0aed1

    • SHA512

      1ad6ab6dcf99b4aa6bed4c87e76c1bb0cd63efa848c5e1a1ce432a2f07275db137654822ba57328320b5771354e2184c8ad0b8cf37773633353ea7bae83610c0

    • SSDEEP

      12288:dMrHy90GYbFfNluw400uhhOjSjuQNv6tBKJyCZiUOK1oab2KK6gVDAFI90:KyfAQR0R0jypCBmytUZ1B2lrDAFI90

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks