Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    6b4f70dd378951fab795d2db5f9e7dcc8b0ab0f0603cb0926b7fea8f15c5e3fd

  • Size

    839KB

  • Sample

    230821-p29lsach36

  • MD5

    90ce9339b86b2041a6805e4b37f5bf00

  • SHA1

    937696856fd132128b2130b40581515b198e0c1a

  • SHA256

    6b4f70dd378951fab795d2db5f9e7dcc8b0ab0f0603cb0926b7fea8f15c5e3fd

  • SHA512

    74f27d7b094d264e37451f11c31067cf30ddffcb3811acd394347bc007b540ac3dbaf78775f2c47c7abdf97bea8cf1d4c9d29dfac7c318a8058460466e9416e1

  • SSDEEP

    12288:LMrLy90Y3XTzeTBewCe9z6FQWQZO6lRxlRBom++sv+Oqe5cxvWr+zGq0mho7hQz0:gyVvbeAFKI6LDBQAOr+zGq0n7i0

Malware Config

Extracted

Family

redline

Botnet

lang

C2

77.91.124.73:19071

Attributes
  • auth_value

    92c0fc2b7a8b3fc5a01baa1abf31c42a

Targets

    • Target

      6b4f70dd378951fab795d2db5f9e7dcc8b0ab0f0603cb0926b7fea8f15c5e3fd

    • Size

      839KB

    • MD5

      90ce9339b86b2041a6805e4b37f5bf00

    • SHA1

      937696856fd132128b2130b40581515b198e0c1a

    • SHA256

      6b4f70dd378951fab795d2db5f9e7dcc8b0ab0f0603cb0926b7fea8f15c5e3fd

    • SHA512

      74f27d7b094d264e37451f11c31067cf30ddffcb3811acd394347bc007b540ac3dbaf78775f2c47c7abdf97bea8cf1d4c9d29dfac7c318a8058460466e9416e1

    • SSDEEP

      12288:LMrLy90Y3XTzeTBewCe9z6FQWQZO6lRxlRBom++sv+Oqe5cxvWr+zGq0mho7hQz0:gyVvbeAFKI6LDBQAOr+zGq0n7i0

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks