General

  • Target

    7b76520e2f364efdf2d3ee2d6.exe

  • Size

    528KB

  • Sample

    230708-t9ylpsfg22

  • MD5

    7b76520e2f364efdf2d3ee2d632ce92b

  • SHA1

    8eb41a2bf5318b77c68eb29573db33ce1697fd75

  • SHA256

    65c758ae3a7552d5e41a153fe2dc8af896269ede3fedb6e653d815505ff372ad

  • SHA512

    e29bbf0eaebe6c45f372e2fa6e5707153af0ea7680abfefebde197807b4d4b7e78e6f8b146a9d8dd79f0986f0081921f61517b2c54da3e5e6f4320c53cfe9be6

  • SSDEEP

    12288:ShQPfveaRdnQgouHfYvCM58KOf/65hXffqH/E6kk0:ShQ3ve82gPSg+PCshZ

Malware Config

Extracted

Family

redline

Botnet

furod

C2

77.91.68.70:19073

Attributes

  • auth_value

    d2386245fe11799b28b4521492a5879d

Targets

    • Target

      7b76520e2f364efdf2d3ee2d6.exe

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks