General

  • Target

    e6c91199dccbf70fcb1ac3e47cc67ee0_NeikiAnalytics

  • Size

    1.1MB

  • Sample

    240516-vy7kxafd51

  • MD5

    e6c91199dccbf70fcb1ac3e47cc67ee0

  • SHA1

    da5e14743674dfe3cc8deff2fd4343281980c3d9

  • SHA256

    4499a634936f69123cefe21b737da04378dfa55704a050401674eb0cff8a0878

  • SHA512

    1c64a6bec6f6dfde11b10b39f37eede2af11e967aef4ed525e9544374211b7db47e67d16727ca27f23de69ad4ea3acc991fbd9a48cf3d199f5ed92b2c533740a

  • SSDEEP

    24576:pyKjRVpBRnS57d+Quoyz/MtuNu9glW8BC5sm9Buga7z2y+:cKHpBRnShdl079NzlW8MC8uzD

Malware Config

Extracted

Family

redline

Botnet

motor

C2

185.161.248.75:4132

Attributes

  • auth_value

    ec19ab9989a783983c5cbbc0e5ac4a5f

Targets

    • Target

      e6c91199dccbf70fcb1ac3e47cc67ee0_NeikiAnalytics

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15