General

  • Target

    b2d24b231d7f3eed7b517f38077ecb890957c334dda06da0a016caa5a15c6cc9

  • Size

    839KB

  • Sample

    230821-n9c24scf97

  • MD5

    2f0f3501e75807204f2a215c99eff42b

  • SHA1

    d5b2da2d56009801643eace5069ff77b8419cee6

  • SHA256

    b2d24b231d7f3eed7b517f38077ecb890957c334dda06da0a016caa5a15c6cc9

  • SHA512

    01fc9ff907ece489d7f307197a2b2d1dd53ff15a3d6b33fbf8a349bea4ce88d4cce9fc582932eb5d1f45219d0011285a6c5bc72798f08e551a9c69a346901f9a

  • SSDEEP

    24576:1ymZ+HfQSeDGLM0r++UkHLgemkHlSN0AxxUd:QmZORJL3ZH8etlSN1xx

Malware Config

Extracted

Family

redline

Botnet

lang

C2

77.91.124.73:19071

Attributes

  • auth_value

    92c0fc2b7a8b3fc5a01baa1abf31c42a

Targets

    • Target

      b2d24b231d7f3eed7b517f38077ecb890957c334dda06da0a016caa5a15c6cc9

    • Size

      839KB

    • MD5

      2f0f3501e75807204f2a215c99eff42b

    • SHA1

      d5b2da2d56009801643eace5069ff77b8419cee6

    • SHA256

      b2d24b231d7f3eed7b517f38077ecb890957c334dda06da0a016caa5a15c6cc9

    • SHA512

      01fc9ff907ece489d7f307197a2b2d1dd53ff15a3d6b33fbf8a349bea4ce88d4cce9fc582932eb5d1f45219d0011285a6c5bc72798f08e551a9c69a346901f9a

    • SSDEEP

      24576:1ymZ+HfQSeDGLM0r++UkHLgemkHlSN0AxxUd:QmZORJL3ZH8etlSN1xx

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks