General

  • Target: f458c6906bc69275dd873400d1338c15ad311144b05f51c0e205cf7f038ba871
  • Size: 927KB
  • Sample: 230823-wvj6wagb8z
  • MD5: 8931772ac129966a57259992aaf6bbf5
  • SHA1: 1a312aba62f193bb70f62605df551782624f8a98
  • SHA256: f458c6906bc69275dd873400d1338c15ad311144b05f51c0e205cf7f038ba871
  • SHA512: dcabf94e5bbabce5313352ab14a4f0cb7caa875a0711ed440a583e281bf3d0b7f02b063c51e85102b932f57b653c9116a5170123d37a45d685a597174a0b0fc0
  • SSDEEP: 24576:GyhnkM3KrLMEDKjziVi+la5aLu4Au73chDd:VhkQqvDKjClSaHv

Malware Config

Extracted

  • Family: redline
  • Botnet: gogi
  • C2: 77.91.124.73:19071
  • Attributes
      • auth_value: c7dbabcf1eff128a595c7532cb5489a8

Targets

    • Target: f458c6906bc69275dd873400d1338c15ad311144b05f51c0e205cf7f038ba871 (hashes as listed under General)

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks