General

  • Target

    f80213c08d7fa8b854d50c03c25930ace80317c5b2d86e64bfba86f05bb65c5d

  • Size

    838KB

  • Sample

    230822-k638cach2x

  • MD5

    7ca0b75c7b8687e9239349629d25ae29

  • SHA1

    457bef3412101c45275f28ae79dc2271d810a601

  • SHA256

    f80213c08d7fa8b854d50c03c25930ace80317c5b2d86e64bfba86f05bb65c5d

  • SHA512

    1e2e4c4da9e92a5504eb52ffcfcf6b2a8d0408dee97b9b1c878482a70e89cf3caddbcc2eff26ade3f7bc95e0e9c5adf59e13b2ff55610e66185e2e1a253fdc82

  • SSDEEP

    24576:RyT9ClFjD/Gw5m26ISFHWcY4zcfdw9uDxw:E5ClF//Ld6v2Z5wm

Malware Config

Extracted

Family

redline

Botnet

piter

C2

77.91.124.73:19071

Attributes

  • auth_value

    7f92ff466423bb35edbfbc22f78b0bb9

Targets

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks