General

  • Target

    4b5ac01b9c3209fb0bcddbad0986bb4a.exe

  • Size

    1.2MB

  • Sample

    230716-h9zyzsch64

  • MD5

    4b5ac01b9c3209fb0bcddbad0986bb4a

  • SHA1

    65f2ae841ced39a952231d5c948a03656722e518

  • SHA256

    5de64d5ab56bad52329947e26f8110fed2348f921e93665a3999fc44153d6ef8

  • SHA512

    cc70c77b2ba9c02593ba6053a98b31cb024fcf0558df0c33baaca4e814c1f71e83829d653640f229a954c88299bb463edbb64b2c9b1d304bda6d281c2df75c0c

  • SSDEEP

    24576:kyYAb9wJ23e65odkfOhx+JdiKF6aLxOvTv/K1xBha1/jSZ6ZLBv:zX9wZMrlam7s

Malware Config

Extracted

  • Family

    redline

  • Botnet

    lamp

  • C2

    77.91.68.56:19071

  • Attributes

    auth_value

    ee1df63bcdbe3de70f52810d94eaff7d

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6