General

  • Target

    0f979cb8af260f00e154f08809ad0f5f264269b78fe270cdf68732508cb22d26

  • Size

    505KB

  • Sample

    230816-str9bade5y

  • MD5

    b8c795216a2c012e9d39db2e5cf573e2

  • SHA1

    e1050257a2e944b5f868202845102f18c39c5eb8

  • SHA256

    0f979cb8af260f00e154f08809ad0f5f264269b78fe270cdf68732508cb22d26

  • SHA512

    8eebbb7afd943f20f7bce140faa3b433ce164d6e4453ffddc66528565c9f70ad30f7e87636272c9174e0be817e3ef720c9b088c509e69c3902d8359a24a1681a

  • SSDEEP

    12288:qMrRy900zT5opJnx2qqhnStdqfTMNNIfkZO3PJHctw:Ty0x2qqhStdq7MNNdFtw

Malware Config

Extracted

Family

redline

Botnet

dava

C2

77.91.124.54:19071

Attributes

  • auth_value

    3ce5222c1baaa06681dfe0012ce1de23

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks