General

  • Target

    27de9936630ad1b2ab1520e1e78775c1.exe

  • Size

    432KB

  • Sample

    230820-scelwshe71

  • MD5

    27de9936630ad1b2ab1520e1e78775c1

  • SHA1

    1b0b992185c796a06e37dad95ecc4e56af8033fe

  • SHA256

    cc42f53d486da30f747ed6412188e020adf369280b17d481476f38cee1ab9786

  • SHA512

    82c8ee8d508628ceeecd8c752de17c88b7a71a72bf1bf1a51b60ef1bf71bf775d75177691ed810f43c77e539887bda2707658345b3906a283d017fcd99530203

  • SSDEEP

    6144:KOy+bnr+Wp0yN90QEbdaQtk+d/mIkB9zSRWA+jgckaZZq541/r0GMJ36apxX86Bs:yMrCy90ZVv/mDBtyaZU5ydvapJna0K

Malware Config

Extracted

Family

redline

Botnet

maga

C2

77.91.124.54:19071

Attributes
  • auth_value

    9dd7a0be219be9b6228dc9b4e112b812
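The extracted config above is the most directly actionable part of the report: the C2 endpoint and botnet tag can be turned into a network indicator straight away. The following is an added example (not code from tria.ge or from the RedLine analysis) that parses the reported `77.91.124.54:19071` value, emits a Suricata rule for it, and checks constructed connection-log lines against it; the log lines and the SID `1000001` are assumptions made for illustration.

```python
"""Added example (not from the tria.ge report): turn the extracted RedLine
config into a network IOC and check it against connection-log lines.

The C2 endpoint and botnet name are the values the report extracted; the
log lines are constructed for illustration, and the Suricata SID is an
arbitrary local-range placeholder.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class C2:
    ip: ipaddress.IPv4Address
    port: int


def parse_c2(value: str) -> C2:
    """Parse the 'host:port' form used in the extracted config. Only a plain
    IPv4 endpoint is accepted, so a malformed config value raises instead of
    silently becoming an over-broad indicator."""
    host, _, port = value.rpartition(":")
    return C2(ipaddress.IPv4Address(host), int(port))


def suricata_rule(c2: C2, family: str, botnet: str, sid: int) -> str:
    """Emit a minimal Suricata rule for outbound traffic to the C2 endpoint."""
    return (f'alert tcp $HOME_NET any -> {c2.ip} {c2.port} '
            f'(msg:"{family} C2 botnet={botnet}"; flow:to_server; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)')


def find_c2_connections(lines, c2: C2):
    """Scan 'ts src_ip src_port dst_ip dst_port proto' lines (a cut-down
    Zeek conn.log shape, constructed here) for hits on the C2 endpoint.
    Returns (timestamp, source_ip) for each match."""
    hits = []
    for line in lines:
        ts, src, _sport, dst, dport, _proto = line.split()
        if ipaddress.IPv4Address(dst) == c2.ip and int(dport) == c2.port:
            hits.append((ts, src))
    return hits


# Values taken from the report's "Malware Config" section.
CONFIG = {"family": "redline", "botnet": "maga", "c2": "77.91.124.54:19071"}

# Constructed connection-log lines; only the second reaches the C2 port.
CONN_LOG = [
    "1692540001.1 10.0.0.12 49812 77.91.124.54 80 tcp",
    "1692540003.4 10.0.0.12 49815 77.91.124.54 19071 tcp",
    "1692540005.0 10.0.0.13 50002 8.8.8.8 53 udp",
]

if __name__ == "__main__":
    c2 = parse_c2(CONFIG["c2"])
    print(suricata_rule(c2, CONFIG["family"], CONFIG["botnet"], 1000001))
    for ts, src in find_c2_connections(CONN_LOG, c2):
        print(f"{ts} {src} -> {c2.ip}:{c2.port}")
```

The matcher keys on the full `ip:port` pair because RedLine operators commonly reuse hosting; a hit on the same address over a different port (the first constructed line) is worth a look but is not, by itself, the C2 channel the config describes. Widen the match to the bare IP only if you are prepared for the extra noise.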

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
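The signature names above describe behaviour a host-based detection can look for: a file written to disk and then executed, a Windows Defender real-time protection policy value set to 1, and a value written under a Run key. The block below is an added example (not tria.ge's signature logic and not derived from this sample's event data) that applies those three checks to constructed Sysmon-style events. The registry paths are the standard Defender policy and Run-key locations; the file paths, the `Updater` value name and the event contents are assumptions made for illustration.

```python
"""Added example (not part of the tria.ge report): map the report's behavioural
signatures onto Sysmon-style file, process and registry events.

The events are constructed for illustration. The registry paths are the
standard Windows Defender policy and Run-key locations, not values observed
in this sample's report.
"""
import re

# Constructed Sysmon-like events: EventID 11 = FileCreate, 1 = ProcessCreate,
# 13 = RegistryEvent (value set). Paths and value names are illustrative.
EVENTS = [
    {"EventID": 11,
     "Image": r"C:\Users\u\Desktop\27de9936630ad1b2ab1520e1e78775c1.exe",
     "TargetFilename": r"C:\Users\u\AppData\Local\Temp\IXP000.TMP\a1.exe"},
    {"EventID": 1,
     "Image": r"C:\Users\u\AppData\Local\Temp\IXP000.TMP\a1.exe",
     "ParentImage": r"C:\Users\u\Desktop\27de9936630ad1b2ab1520e1e78775c1.exe"},
    {"EventID": 13,
     "Image": r"C:\Users\u\AppData\Local\Temp\IXP000.TMP\a1.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"
                     r"\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13,
     "Image": r"C:\Users\u\AppData\Local\Temp\IXP000.TMP\a1.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\u\AppData\Local\Temp\IXP000.TMP\a1.exe"},
    # Benign noise that must not match: an Explorer view setting.
    {"EventID": 13,
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion"
                     r"\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

# Defender real-time protection policy values whose value 1 disables a feature.
DEFENDER_RT = re.compile(
    r"\\Windows Defender\\Real-Time Protection\\"
    r"(DisableRealtimeMonitoring|DisableBehaviorMonitoring|"
    r"DisableOnAccessProtection|DisableScanOnRealtimeEnable)$", re.I)
# Run / RunOnce autostart keys under HKCU or HKLM.
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)


def detect(events):
    """Return (signature, image) pairs in event order. Events are assumed to be
    chronological, so a process is 'dropped' only if its file was created
    earlier in the same stream."""
    hits = []
    dropped = set()  # lower-cased paths written to disk earlier in the stream
    for ev in events:
        eid = ev["EventID"]
        if eid == 11:
            dropped.add(ev["TargetFilename"].lower())
        elif eid == 1 and ev["Image"].lower() in dropped:
            hits.append(("Executes dropped EXE", ev["Image"]))
        elif eid == 13:
            target = ev["TargetObject"]
            if DEFENDER_RT.search(target) and ev["Details"] == "DWORD (0x00000001)":
                hits.append(("Modifies Windows Defender Real-time Protection settings",
                             ev["Image"]))
            elif RUN_KEY.search(target):
                hits.append(("Adds Run key to start application", ev["Image"]))
    return hits


if __name__ == "__main__":
    for sig, image in detect(EVENTS):
        print(f"{sig}: {image}")
```

The Defender check requires both the policy path and the `DWORD (0x00000001)` payload, which is how Sysmon renders a REG_DWORD set to 1; a write of 0 (re-enabling protection) is deliberately not flagged. The Run-key check matches on the key path only, since any value written there is autostart persistence regardless of its content.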

MITRE ATT&CK Enterprise v15

Tasks