Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    ed21b58153556f6615131adb99259c8a572b90000bbf016288cc7600a238b9a5

  • Size

    505KB

  • Sample

    230815-ywvp4sdd89

  • MD5

    48afb85a07c02347c97a29ea9edf4b44

  • SHA1

    f51b36e8fdfe14f001f7f5cd003291ddae59556f

  • SHA256

    ed21b58153556f6615131adb99259c8a572b90000bbf016288cc7600a238b9a5

  • SHA512

    3fcd81fc5f91b3ce5b7fecff60ac70fe16c3008272e5f1add64f20edbf7f83c234c915c234a1c93812959eb70cfc8e3e0558c487278e84cda443ba9b59ae6994

  • SSDEEP

    12288:IMrVy90v7/1yLRRymj0s7RsL6Rb9Hr7zjKeKIQ+AMeBw8:9yC7/1gDHj0sL5r7fKe/V7e+8

Malware Config

Extracted

Family

redline

Botnet

meson

C2

77.91.124.54:19071

Attributes
  • auth_value

    47ca57ebe5c142c9ad4650f71bf57877

Targets

    • Target

      ed21b58153556f6615131adb99259c8a572b90000bbf016288cc7600a238b9a5

    • Size

      505KB

    • MD5

      48afb85a07c02347c97a29ea9edf4b44

    • SHA1

      f51b36e8fdfe14f001f7f5cd003291ddae59556f

    • SHA256

      ed21b58153556f6615131adb99259c8a572b90000bbf016288cc7600a238b9a5

    • SHA512

      3fcd81fc5f91b3ce5b7fecff60ac70fe16c3008272e5f1add64f20edbf7f83c234c915c234a1c93812959eb70cfc8e3e0558c487278e84cda443ba9b59ae6994

    • SSDEEP

      12288:IMrVy90v7/1yLRRymj0s7RsL6Rb9Hr7zjKeKIQ+AMeBw8:9yC7/1gDHj0sL5r7fKe/V7e+8

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks