
General

  • Target

    0132577e4df07ffbf3ee14034deba6422ebebf6f89387cc54203bc3d19335f35

  • Size

    938KB

  • Sample

    230902-peh6bacg9t

  • MD5

    712dc53f8f5ce26b3ad87268c5c54e65

  • SHA1

    ecfa8c500b07f77ca9283e77954cb337341f7393

  • SHA256

    0132577e4df07ffbf3ee14034deba6422ebebf6f89387cc54203bc3d19335f35

  • SHA512

    1029b058248160cc0c24d0c6d9f8895d10be3300a0b3fb3e79579651bdd78c9d8fde22048182530d30a24b40971f55d7d088e5d51b3b9956a8bb93da817d01ed

  • SSDEEP

    12288:sMrYy901kqURGhyPgvvF4UgxYDW6UsOsvfmeoR1OA3yR39cNdMc+Ckke2e0yvTO:UyOUg+UlWAeLToNWFNe2efvTO

Malware Config

Extracted

Family

redline

Botnet

narik

C2

77.91.124.82:19071

Attributes

  • auth_value

    07924f5ef90576eb64faea857b8ba3e5

Targets

    • Target

      0132577e4df07ffbf3ee14034deba6422ebebf6f89387cc54203bc3d19335f35

    • Size

      938KB

    • MD5

      712dc53f8f5ce26b3ad87268c5c54e65

    • SHA1

      ecfa8c500b07f77ca9283e77954cb337341f7393

    • SHA256

      0132577e4df07ffbf3ee14034deba6422ebebf6f89387cc54203bc3d19335f35

    • SHA512

      1029b058248160cc0c24d0c6d9f8895d10be3300a0b3fb3e79579651bdd78c9d8fde22048182530d30a24b40971f55d7d088e5d51b3b9956a8bb93da817d01ed

    • SSDEEP

      12288:sMrYy901kqURGhyPgvvF4UgxYDW6UsOsvfmeoR1OA3yR39cNdMc+Ckke2e0yvTO:UyOUg+UlWAeLToNWFNe2efvTO

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
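The extracted config above (C2 77.91.124.82:19071, botnet narik) and the behaviours listed under Targets (Run key persistence, modification of Windows Defender real-time protection) are the indicators a responder would actually hunt for. The script below is an added example, not part of the tria.ge report: it checks a file against the report's hash set and runs a small detection pass over constructed Sysmon-style log lines. The concrete registry paths (the HKU\...\CurrentVersion\Run key and the Defender Real-Time Protection policy values), the field names, and every log line are assumptions, since the report names the behaviours but not the values the sample touched.

```python
"""
IoC triage for the RedLine sample in this report.
Added example; assumptions: Sysmon-style key=value log lines (EventID 3 for
network connections, EventID 13 for registry value sets) and the usual
registry locations for Run-key persistence and Defender RTP tampering.
"""
import hashlib
import re
from typing import List, Optional, Tuple

# Indicators taken directly from the report.
IOC_HASHES = {
    "md5": "712dc53f8f5ce26b3ad87268c5c54e65",
    "sha1": "ecfa8c500b07f77ca9283e77954cb337341f7393",
    "sha256": "0132577e4df07ffbf3ee14034deba6422ebebf6f89387cc54203bc3d19335f35",
    "sha512": "1029b058248160cc0c24d0c6d9f8895d10be3300a0b3fb3e79579651bdd78c9d"
              "8fde22048182530d30a24b40971f55d7d088e5d51b3b9956a8bb93da817d01ed",
}
C2_IP, C2_PORT = "77.91.124.82", 19071

# Assumed registry locations behind the two behaviours the report names.
# Sysmon logs HKCU as HKU\<SID>, so the Run-key pattern ignores the hive prefix.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
DEFENDER_RTP_RE = re.compile(r"\\Windows Defender\\Real-Time Protection\\Disable\w+", re.I)


def hash_bytes(data: bytes) -> dict:
    """Compute the report's hash set over an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def matches_sample(data: bytes) -> bool:
    """True only if every hash of `data` equals the report's value."""
    return hash_bytes(data) == IOC_HASHES


def classify_event(line: str) -> Optional[str]:
    """Map one log line to a detection name, or None if nothing matched."""
    # Network connection: exact C2 IP and port from the extracted config.
    m = re.search(r"DestinationIp=(\S+).*DestinationPort=(\d+)", line)
    if m and m.group(1) == C2_IP and int(m.group(2)) == C2_PORT:
        return "redline_c2"
    # Registry value set: the path may contain spaces, so stop at ' Details=' or end of line.
    m = re.search(r"TargetObject=(.+?)(?:\s+Details=|$)", line)
    if m:
        target = m.group(1)
        if RUN_KEY_RE.search(target):
            return "run_key_persistence"
        if DEFENDER_RTP_RE.search(target):
            return "defender_rtp_tamper"
    return None


def scan(lines) -> List[Tuple[str, str]]:
    """Return (detection, line) pairs for every line that matched."""
    return [(det, line) for line in lines for det in [classify_event(line)] if det]


# Constructed sample log lines; not captured from the real sample.
SAMPLE_LOG = [
    "EventID=3 Image=C:\\Users\\x\\AppData\\Local\\Temp\\dropped.exe DestinationIp=77.91.124.82 DestinationPort=19071",
    "EventID=3 Image=C:\\Windows\\System32\\svchost.exe DestinationIp=20.190.160.1 DestinationPort=443",
    "EventID=13 TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\update Details=C:\\Users\\x\\AppData\\Roaming\\update.exe",
    "EventID=13 TargetObject=HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring Details=DWORD (0x00000001)",
    "EventID=13 TargetObject=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\Cache Details=...",
]

if __name__ == "__main__":
    for det, line in scan(SAMPLE_LOG):
        print(f"{det:22} {line[:90]}")
```

The hash check is deliberately all-or-nothing: a single differing digest means a different file, not a partial match. The C2 rule keys on IP and port together because 77.91.124.82 may host other services; the registry rules match the path only, so the Details value (a dropped EXE path, a DWORD of 1) is left for the analyst to read in the hit.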

MITRE ATT&CK Enterprise v15

Tasks