General

  • Target

    14e66789ed13e60a8e16aae8f6f50b6c26466b75bdef72c289d22514720fa22f

  • Size

    1.0MB

  • Sample

    230902-tm77maea7w

  • MD5

    9a3c2eed6740ec94af81160a13bd1332

  • SHA1

    7d42e79b6b0f490d78edb39b29014118c6c9f839

  • SHA256

    14e66789ed13e60a8e16aae8f6f50b6c26466b75bdef72c289d22514720fa22f

  • SHA512

    b9c15ca26ca2b10ce11b5f90c5eb515cf758e51908e9fe2acabb1edb554d912a009eb0fdb14a723d01a9769e618b907701fe85f4cd677fa20f3ce6f8ea1d1deb

  • SSDEEP

    24576:IydHObmPPxVlJZBvvNXqF/h0EqJFnz0FvOh7T9R+QN:PdHOqPxVlnRv5qnjqXz0FvOh7JR+Q

Malware Config

Extracted

Family

redline

Botnet

narik

C2

77.91.124.82:19071

Attributes

  • auth_value

    07924f5ef90576eb64faea857b8ba3e5

Targets

    • Target

      14e66789ed13e60a8e16aae8f6f50b6c26466b75bdef72c289d22514720fa22f

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15