General

  • Target

    e7bbf078734a92a046d9652461b197077425ea9f611b3f805f07d4fe917a2a42

  • Size

    505KB

  • Sample

    230816-ffdgsafe25

  • MD5

    b7a20fbacb71191e0b100535dc4cccd6

  • SHA1

    14fa425ee1f4391b96343cfe8cb4952d4e980d89

  • SHA256

    e7bbf078734a92a046d9652461b197077425ea9f611b3f805f07d4fe917a2a42

  • SHA512

    2794b55b4af5d67c3c08d147ed53982b924b546f82f314c15c8fc02b552eef8ae659860c9705030185f0c0d12d3744988fbc468d261ab2dc37ed9fd985099fa8

  • SSDEEP

    12288:vMrdy90sGY0wPhbygF5EAhsSAX34//7K9fHHHuwcPg:SyK36V22sSAHE/qHcY

Malware Config

Extracted

Family

redline

Botnet

meson

C2

77.91.124.54:19071

Attributes
  • auth_value

    47ca57ebe5c142c9ad4650f71bf57877

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks