
General

  • Target: cf4cd19fab267dc1a0913ebbd2fea0ea7866f381198f392ec01263fa14e2131c
  • Size: 563KB
  • Sample: 230818-ej2s4sfc89
  • MD5: d16bbdb3434a759c2bbd9f2393eedb40
  • SHA1: 7fe290fcc0f264d15d3f3cf7fd78da2812d4ddd7
  • SHA256: cf4cd19fab267dc1a0913ebbd2fea0ea7866f381198f392ec01263fa14e2131c
  • SHA512: 118e33231532b58a605ca8efad567ebe539abefec21f85e1958ed9e707b5c6ae1d6532146795ede371d1794965be4e394098463a68e675a52ea163b5b9a539ad
  • SSDEEP: 12288:TMriy90n7FSTCgfftr3pN2P6j0sSrrnZXijvG:1ym5Rgfftr3mPwK

Malware Config

Extracted

  • Family: redline
  • Botnet: maga
  • C2: 77.91.124.54:19071
  • Attributes
    • auth_value: 9dd7a0be219be9b6228dc9b4e112b812

Targets

    • Detects Healer, an antivirus disabler dropper
    • Healer
      Healer, an antivirus disabler dropper.
    • Modifies Windows Defender Real-time Protection settings
    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Executes dropped EXE
    • Windows security modification
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks