General

  • Target

    z4921733.exe

  • Size

    372KB

  • Sample

    230825-e8jc3ahb59

  • MD5

    3356f0a504f98ebe19bb177856184fbd

  • SHA1

    be551871751081f37f458b7bf62656f3dc6ed89d

  • SHA256

    04564577997141d823ae97f19f8febb05160bde567c2c1439c74e4d24255ecdd

  • SHA512

    5cf27fcf13ed56ad49dff48ea7c8359d81c5ebe641aba8e4a31b4de783a8734770bfd3ca7e3188e3518b39be890bbe74baa90ffbda980c20e833d22428a1f6c6

  • SSDEEP

    6144:K3y+bnr+Tp0yN90QESpbj/Pj4BgD2zUcPD+lSLwwvohu5/p8qWlt6lHC4+k0e:ZMr/y90Ij/Pj4aqb9wY8qWl8xCy

Malware Config

Extracted

Family

redline

Botnet

vaga

C2

77.91.124.73:19071

Attributes

  • auth_value

    393905212ded984248e8e000e612d4fe

Targets

    • Target

      z4921733.exe

    • Size

      372KB

    • MD5

      3356f0a504f98ebe19bb177856184fbd

    • SHA1

      be551871751081f37f458b7bf62656f3dc6ed89d

    • SHA256

      04564577997141d823ae97f19f8febb05160bde567c2c1439c74e4d24255ecdd

    • SHA512

      5cf27fcf13ed56ad49dff48ea7c8359d81c5ebe641aba8e4a31b4de783a8734770bfd3ca7e3188e3518b39be890bbe74baa90ffbda980c20e833d22428a1f6c6

    • SSDEEP

      6144:K3y+bnr+Tp0yN90QESpbj/Pj4BgD2zUcPD+lSLwwvohu5/p8qWlt6lHC4+k0e:ZMr/y90Ij/Pj4aqb9wY8qWl8xCy

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
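The signatures above flag two host-side behaviours worth hunting for on a machine suspected of having run this sample: Windows Defender real-time protection being switched off, and a Run-key autostart. The following PowerShell is an added example for triaging such a host; it is not part of the tria.ge report and not the sample's own code. The report does not list which Defender settings the sample changes, so the script checks the documented Real-Time Protection policy values as an assumption; the Run-key locations and the "user-writable drop path" heuristic are standard choices, and the only report-derived value is the sample's SHA256.

```powershell
# Added hunting example (not from the tria.ge report). Run as Administrator on the host under
# investigation. Checks (1) Defender real-time protection disabled via policy or preference and
# (2) Run-key autostarts, hashing each autostart target against this report's sample SHA256.

$rtpPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
# Documented Defender policy values; assumption: the report does not say which ones the sample sets.
$rtpValues = 'DisableRealtimeMonitoring', 'DisableBehaviorMonitoring',
             'DisableOnAccessProtection', 'DisableScanOnRealtimeEnable', 'DisableIOAVProtection'
$sampleSha256 = '04564577997141d823ae97f19f8febb05160bde567c2c1439c74e4d24255ecdd'   # from the report

function Get-DefenderTamperFindings {
    $findings = @()
    if (Test-Path $rtpPolicy) {
        $key = Get-ItemProperty -Path $rtpPolicy
        foreach ($name in $rtpValues) {
            $v = $key.PSObject.Properties[$name]
            if ($v -and $v.Value -eq 1) {
                $findings += [pscustomobject]@{ Source = 'Policy'; Setting = $name; Value = $v.Value }
            }
        }
    }
    # Effective state as Defender itself reports it (covers Set-MpPreference as well as policy).
    $pref = Get-MpPreference -ErrorAction SilentlyContinue
    if ($pref -and $pref.DisableRealtimeMonitoring) {
        $findings += [pscustomobject]@{ Source = 'MpPreference'; Setting = 'DisableRealtimeMonitoring'; Value = $true }
    }
    $findings
}

function Get-RunKeyEntries {
    $runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($path in $runKeys) {
        if (-not (Test-Path $path)) { continue }
        $key = Get-ItemProperty -Path $path
        foreach ($p in $key.PSObject.Properties) {
            # Skip PowerShell's own PSPath/PSParentPath/PSChildName/PSDrive/PSProvider metadata.
            if ($p.Name -like 'PS*') { continue }
            $cmd = [string]$p.Value
            # Extract the executable from the command line: quoted path, otherwise the first token.
            $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            $sha256 = if (Test-Path -LiteralPath $exe -PathType Leaf) {
                (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash.ToLower()
            } else { $null }
            [pscustomobject]@{
                Key           = $path
                Name          = $p.Name
                Command       = $cmd
                Exe           = $exe
                SHA256        = $sha256
                # Exact match against the report's sample hash.
                MatchesSample = ($sha256 -eq $sampleSha256)
                # Heuristic: autostarts pointing into user-writable drop locations deserve a look
                # even when the hash differs (droppers commonly write a renamed/repacked payload).
                UserWritable  = ($exe -match '\\(AppData|Temp|Users\\Public|ProgramData)\\')
            }
        }
    }
}

Get-DefenderTamperFindings | Format-Table -AutoSize
Get-RunKeyEntries | Format-Table Key, Name, Exe, MatchesSample, UserWritable -AutoSize
```

A hit in the first table means real-time protection has been disabled by policy or preference and should be restored (and the change attributed) before trusting any Defender result from that host; a Run-key entry with MatchesSample or UserWritable set is the candidate to pull for the hash comparison and network review against the extracted C2 above.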

MITRE ATT&CK Enterprise v15

Tasks