General

  • Target

    7a2b8d9dbb08338b078c2270b66010c0_NeikiAnalytics

  • Size

    316KB

  • Sample

    240516-cf43ysfg82

  • MD5

    7a2b8d9dbb08338b078c2270b66010c0

  • SHA1

    c15580da05915a08bf6065adbeacbaf3dc0da348

  • SHA256

    c81bc7831eb8bf73d67379be4d3b03944fc18873944de10d1e02f9de54dfcc44

  • SHA512

    33cc67f35e3da6b7cab3f2e4af72134c49c953ceb7b520628a3b219bcdd42d9ed865ad486d045364d201d33ff49caa6758ac67bb1c895e09a3615b7d9da99946

  • SSDEEP

    6144:Kmy+bnr+Vp0yN90QE+6vZrMgXGma0+qSNF1liDHpgZ7A:mMr5y900mNRGfNmph

Malware Config

Extracted

Family

redline

Botnet

mixa

C2

185.161.248.75:4132

Attributes

  • auth_value

    9d14534b25ac495ab25b59800acf3bb2

Targets

    • Target

      7a2b8d9dbb08338b078c2270b66010c0_NeikiAnalytics

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks