General

  • Target

    0ef5db1a427151dbe4ea20814a421c66a0cb9e9ff718b24243943e427514c658

  • Size

    828KB

  • Sample

    230825-jsj2wabf7s

  • MD5

    63948807b260595b5bd052a5a7153d83

  • SHA1

    dee6a653e15c660aacf42d8b6b521410e46b1b04

  • SHA256

    0ef5db1a427151dbe4ea20814a421c66a0cb9e9ff718b24243943e427514c658

  • SHA512

    97c79abde998341e78b4eb286e5eaa566cb6af8c43d7772ff2febecdaacc679ddbe5c28719b6f506817949bacdc9b9cd83ff9b751cb0096b8884a80d2f400b6f

  • SSDEEP

    24576:LytWpSG0LSalsNw6ZY3Qxgd5CJ5CnqKng:+tJHL3iTMAgWZKn

Malware Config

Extracted

Family

redline

Botnet

vaga

C2

77.91.124.73:19071

Attributes
  • auth_value

    393905212ded984248e8e000e612d4fe

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks