Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    40f026f5ac84239706230b92ace37bbdd1309c67fcb402e0aa5cc132457ecc9e

  • Size

    929KB

  • Sample

    230824-3mj98sgb38

  • MD5

    01095b3275e0279e54d486cff819b4c7

  • SHA1

    2461018bd5c362f7b733487d836af95648b03b5a

  • SHA256

    40f026f5ac84239706230b92ace37bbdd1309c67fcb402e0aa5cc132457ecc9e

  • SHA512

    8944baa9e4afa0f451c1ef3b9348978df98fed927d122f76eefe4f0b942ed8be7ce89590ce80804fa32f4e0d423080083d518c5a4b0f96bdcd28d9bc0cf24459

  • SSDEEP

    12288:5MrQy90J3onxZ2uG/gNLA/Z1lfovIqgKCWHvbL5rIWacyyAmKrd8GFpdSFyJdPvE:lysQfMZgwqg186WactAmgXdomypn

Malware Config

Extracted

Family

redline

Botnet

vaga

C2

77.91.124.73:19071

Attributes
  • auth_value

    393905212ded984248e8e000e612d4fe

Targets

    • Target

      40f026f5ac84239706230b92ace37bbdd1309c67fcb402e0aa5cc132457ecc9e

    • Size

      929KB

    • MD5

      01095b3275e0279e54d486cff819b4c7

    • SHA1

      2461018bd5c362f7b733487d836af95648b03b5a

    • SHA256

      40f026f5ac84239706230b92ace37bbdd1309c67fcb402e0aa5cc132457ecc9e

    • SHA512

      8944baa9e4afa0f451c1ef3b9348978df98fed927d122f76eefe4f0b942ed8be7ce89590ce80804fa32f4e0d423080083d518c5a4b0f96bdcd28d9bc0cf24459

    • SSDEEP

      12288:5MrQy90J3onxZ2uG/gNLA/Z1lfovIqgKCWHvbL5rIWacyyAmKrd8GFpdSFyJdPvE:lysQfMZgwqg186WactAmgXdomypn

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks