General

  • Target

    ecf6336a1803eed2fb4644a389cba341b2e1084badfd080ee2e417ff3a5edd32

  • Size

    930KB

  • Sample

    230825-jakkpabe2v

  • MD5

    24346da7ae9c5b1ff35fc2ab06b9038b

  • SHA1

    ba9401432b4bb41f55c7a9b4b6857ef5b3e069fe

  • SHA256

    ecf6336a1803eed2fb4644a389cba341b2e1084badfd080ee2e417ff3a5edd32

  • SHA512

    8dd00842537643e9fb3fc089bdd6d7601d996e11b5b59efc217eebbd9dafb2044d74d250ee99ec87b2d7b21a5f4f7219b1ff697b7dcec4cd633e70e6ae685d37

  • SSDEEP

    24576:HyZCS98aGeomWjunsijLy0ju69lrx3AvCwtERIoFwoCf+:Sog8NnSLK67l3ICvuG

Malware Config

Extracted

Family

redline

Botnet

vaga

C2

77.91.124.73:19071

Attributes

  • auth_value

    393905212ded984248e8e000e612d4fe

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks