
General

  • Target

    97e220c2c48fe6321fd8b7507b2c2508106a7137691c7224f020d6fd99df6f00

  • Size

    929KB

  • Sample

    230823-shlbmada73

  • MD5

    5078ac99d7507eb4473849beafb88198

  • SHA1

    926320d9d26cc34da0726351afd595e0b5587483

  • SHA256

    97e220c2c48fe6321fd8b7507b2c2508106a7137691c7224f020d6fd99df6f00

  • SHA512

    c4d5f2df89dfd0e1843c71429b85169f87a79691ef6510df89c7c4c082fa6d8886a5ca7e69e1ffaa227796b0018a1096c9168892058bd90dc38521cb2774387f

  • SSDEEP

    24576:eymS4N2PzzSAkndiDJ85MvCf/hgbMIkNBL4B9GMA:tmyXQdimqaFjNZi8

Malware Config

Extracted

Family

redline

Botnet

gogi

C2

77.91.124.73:19071

Attributes

  • auth_value

    c7dbabcf1eff128a595c7532cb5489a8
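The config above gives one network indicator (the RedLine C2 at 77.91.124.73:19071) and the General section gives file hashes for this build. The following is an added example, not part of the tria.ge report, showing how a practitioner would turn those two kinds of indicator into checks: matching the C2 host and port against Zeek conn.log-style records, and comparing a file's SHA-256 to the reported one. The log lines are constructed for the example; only the IOC constants are taken from the report.

```python
"""Match the extracted RedLine C2 and the sample's SHA-256 against logs and files.

Added example; not code from tria.ge or from the malware. The conn.log lines
below are constructed for illustration.
"""
import hashlib

# Indicators copied from the report
SHA256 = "97e220c2c48fe6321fd8b7507b2c2508106a7137691c7224f020d6fd99df6f00"
C2 = "77.91.124.73:19071"

# Constructed Zeek conn.log-style records, tab separated:
# ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto
SAMPLE_CONN_LOG = (
    "1692790000.123\tCx1\t10.0.0.5\t49812\t77.91.124.73\t19071\ttcp\n"
    "1692790001.456\tCx2\t10.0.0.5\t49813\t142.250.74.78\t443\ttcp\n"
    "1692790002.789\tCx3\t10.0.0.9\t50111\t77.91.124.73\t80\ttcp\n"
)


def parse_c2(c2: str) -> tuple:
    """Split a 'host:port' C2 string into (host, port); rpartition keeps IPv6 hosts intact."""
    host, _, port = c2.rpartition(":")
    return host, int(port)


def find_c2_connections(log_text: str, c2: str = C2, match_port: bool = True) -> list:
    """Return connections to the C2 host (and port, unless match_port is False).

    RedLine talks to its C2 over a raw TCP port, so the port is a strong part
    of the indicator; matching on the IP alone widens coverage to other ports
    on the same host but raises false positives if the address is shared hosting.
    """
    host, port = parse_c2(c2)
    hits = []
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) < 7:
            continue  # skip headers or truncated records
        ts, uid, orig_h, orig_p, resp_h, resp_p, proto = fields[:7]
        if resp_h != host:
            continue
        if match_port and int(resp_p) != port:
            continue
        hits.append({"ts": float(ts), "uid": uid, "src": orig_h,
                     "dst": f"{resp_h}:{resp_p}", "proto": proto})
    return hits


def sha256_of(data: bytes) -> str:
    """Hex SHA-256 of an in-memory blob (for a file, read it in binary mode first)."""
    return hashlib.sha256(data).hexdigest()


def hash_matches(data: bytes, expected: str = SHA256) -> bool:
    """True if the blob is byte-for-byte the sample analysed in the report."""
    return sha256_of(data) == expected.lower()


if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_CONN_LOG):
        print("C2 contact:", hit)
    print("blob is the sample:", hash_matches(b"not the sample"))
```

The hash check only catches this exact build; repacked or re-obfuscated RedLine loaders will have a different hash while often keeping the same C2 and botnet tag, so the network indicator and the behaviours listed under Targets usually outlive the file hashes.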

Targets


    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
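Two of the behaviours listed above, modifying Windows Defender real-time protection settings and adding a Run key, leave registry writes that Sysmon records as Event ID 13 (RegistryEvent: value set). The following is an added example, not part of the tria.ge report and not the malware's own code, showing detection logic for both over such events. The registry paths are the standard Defender policy and product locations and the usual Run/RunOnce keys; the event records themselves are constructed for the example.

```python
"""Flag Defender real-time protection tampering and Run-key persistence in
Sysmon Event ID 13 records.

Added example; the event records below are constructed to mirror Sysmon's
RegistryEvent fields (EventID, Image, TargetObject, Details).
"""
import re

# Policy and product locations of the real-time protection settings
DEFENDER_RTP_KEYS = {
    r"hklm\software\policies\microsoft\windows defender\real-time protection",
    r"hklm\software\microsoft\windows defender\real-time protection",
}
# Values that switch off part of real-time protection when set to a non-zero DWORD
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableonaccessprotection",
    "disableioavprotection",
    "disablescanonrealtimeenable",
}
RUN_KEYS = {
    r"hkcu\software\microsoft\windows\currentversion\run",
    r"hkcu\software\microsoft\windows\currentversion\runonce",
    r"hklm\software\microsoft\windows\currentversion\run",
    r"hklm\software\microsoft\windows\currentversion\runonce",
}

_DWORD_RE = re.compile(r"DWORD \(0x([0-9A-Fa-f]{8})\)")
_HKU_RE = re.compile(r"^HKU\\[^\\]+\\", re.IGNORECASE)


def normalize_key(target: str) -> str:
    """Sysmon logs user hives as HKU\\<SID>\\...; fold them to HKCU for matching."""
    return _HKU_RE.sub(r"HKCU\\", target)


def dword_value(details: str):
    """Parse Sysmon's 'DWORD (0x00000001)' Details rendering; None if not a DWORD."""
    m = _DWORD_RE.search(details)
    return int(m.group(1), 16) if m else None


def classify(event: dict) -> list:
    """Return detection tags for one Sysmon record (empty list if benign)."""
    tags = []
    if event.get("EventID") != 13:
        return tags
    key, _, value = normalize_key(event["TargetObject"]).rpartition("\\")
    key_l, value_l = key.lower(), value.lower()
    if key_l in DEFENDER_RTP_KEYS and value_l in DEFENDER_RTP_VALUES:
        # Setting the value back to 0 re-enables protection, so only non-zero counts
        if (dword_value(event.get("Details", "")) or 0) != 0:
            tags.append("defender_rtp_disabled:" + value)
    if key_l in RUN_KEYS:
        tags.append("run_key_persistence:" + value)
    return tags


def scan(events: list) -> list:
    """(index, writing process, tag) for every detection across the event list."""
    return [(i, ev.get("Image", "?"), tag)
            for i, ev in enumerate(events) for tag in classify(ev)]


# Constructed events: two Defender values disabled by a dropper, one benign
# re-enable by the OS, one Run entry under a user hive, one unrelated write.
DROPPER = r"C:\Users\victim\AppData\Local\Temp\dropper.exe"
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": DROPPER, "Details": "DWORD (0x00000001)",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring"},
    {"EventID": 13, "Image": DROPPER, "Details": "DWORD (0x00000001)",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring"},
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe", "Details": "DWORD (0x00000000)",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring"},
    {"EventID": 13, "Image": DROPPER, "Details": r"C:\Users\victim\AppData\Roaming\updater.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\updater"},
    {"EventID": 13, "Image": r"C:\Windows\regedit.exe", "Details": "DWORD (0x00000001)",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"},
]

if __name__ == "__main__":
    for idx, image, tag in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {tag} by {image}")
```

Tamper protection, when enabled, blocks these policy writes from taking effect, so a non-zero write is still worth alerting on as intent even when it fails; and the Run-key rule deliberately tags every value written under those keys, leaving the decision on which writing processes are expected (installers, management agents) to an allowlist in the SIEM rather than in this logic.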
