General

  • Target

    093a61458849781533493401f3ce15aaf4710b6a55f76ed8fedc9075ec58b700

  • Size

    826KB

  • Sample

    230824-kvjdsscg6y

  • MD5

    18405c37f6af9d0c4457645db5930eaf

  • SHA1

    60cfd3530b05e8dec2227ef3e7ddb7749971f335

  • SHA256

    093a61458849781533493401f3ce15aaf4710b6a55f76ed8fedc9075ec58b700

  • SHA512

    7e2ca74cc496c473764cb3e413bf58d97166609f8cb70291885f3ef0509cd4dcc460e96086e9920adcc90454cd5b8b34bf2abed098c649586362720c49917082

  • SSDEEP

    12288:HMr6y90ijUtjpRLIKXU1HHcDeNZSN6gotS0RkWqer12xrwa8gi4JSt4:JyojpBIKUHcDyAN6LBkR81awXK64

Malware Config

Extracted

Family

redline

Botnet

rwan

C2

77.91.124.73:19071

Attributes

  • auth_value

    7c40eda5da4f888d6f61befbf947d9fe

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
