General

  • Target

    bf7c2c05d933486717d3ed336.exe

  • Size

    522KB

  • Sample

    230709-yg72wsge6z

  • MD5

    bf7c2c05d933486717d3ed3367b3aa74

  • SHA1

    fb4deb60a9f81ce8d8dab70d2faaa24a9e794b3d

  • SHA256

    3bd00d683822dec340705519745286e08cc08af7ea9f6d48732bb45c260db3c4

  • SHA512

    62b95692f4eefafc3d0b0afd05765014fc667b347157dd324010bb887d366bb0063952b1cde6e9c4f179fb6a45e820f5bffa6cf3e91dd248b820fb0cd3740ed4

  • SSDEEP

    12288:wWJufvMaRdnQgzp7qBM8fc41jsfO7B7TMDkmCim:wWJ0vM82gtKEeom7B7TMG

Malware Config

Extracted

Family

redline

Botnet

furod

C2

77.91.68.70:19073

Attributes

  • auth_value

    d2386245fe11799b28b4521492a5879d

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks