General

  • Target

    98f029837e9c2306a1724504af641029af6968ab8c1e37017dae818fcbc00499

  • Size

    741KB

  • Sample

    230820-tts2aaab5w

  • MD5

    ddf122221d42677c05ef04a08567fb76

  • SHA1

    53ba05ba4158a12f5caf0c287a1b289068e6b249

  • SHA256

    98f029837e9c2306a1724504af641029af6968ab8c1e37017dae818fcbc00499

  • SHA512

    a0d09e6b6a3409b6341ac2d8f3ac7c226f9a066302e2c01f92da9e9a7202088d7cbc59738578cbab8893ff996f03b8911a9a8b3ad761c9c738d3c7e6fa0486d5

  • SSDEEP

    12288:mMrKy9031bLUakQlqez64MuveulPzs9iuPRXehLHhPiX6o0gyoB:oyq7lqez6ulXoehDhq60

Malware Config

Extracted

Family

redline

Botnet

chang

C2

77.91.124.73:19071

Attributes

  • auth_value

    92b880db64e691d6bb290d1536ce7688

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
