General

  • Target

    ccc3d42253e1bf0c78cde794a86c5693.exe

  • Size

    931KB

  • Sample

    230825-pcltesbe64

  • MD5

    ccc3d42253e1bf0c78cde794a86c5693

  • SHA1

    ea792cdd8dae77c7ea22b195e5fd6a2e6da402c1

  • SHA256

    55835ee0d6831c4bfce2485d71b884881f5cfff7e66b4bd3c760b9a1fb9dd4d9

  • SHA512

    fc708da99a0bebf20df29697bff5f13a1739eeb5933e4e3b384f4cdd056b4583189d00822eeb405bde81d05fadeae23284e7ef8a8d0f065cda05207228c9c18a

  • SSDEEP

    12288:3Mrhy90u10zuiMlgrskr+ZLSgLKN2s2FGyrOtiQ1EWztWqLm+lr3wa1F3VgAGsR7:SydwutCsab2scrD+EWhW+lr78sR4Q

Malware Config

Extracted

Family

redline

Botnet

vaga

C2

77.91.124.73:19071

Attributes

  • auth_value

    393905212ded984248e8e000e612d4fe

Targets

    • Target

      ccc3d42253e1bf0c78cde794a86c5693.exe

    • Size

      931KB

    • MD5

      ccc3d42253e1bf0c78cde794a86c5693

    • SHA1

      ea792cdd8dae77c7ea22b195e5fd6a2e6da402c1

    • SHA256

      55835ee0d6831c4bfce2485d71b884881f5cfff7e66b4bd3c760b9a1fb9dd4d9

    • SHA512

      fc708da99a0bebf20df29697bff5f13a1739eeb5933e4e3b384f4cdd056b4583189d00822eeb405bde81d05fadeae23284e7ef8a8d0f065cda05207228c9c18a

    • SSDEEP

      12288:3Mrhy90u10zuiMlgrskr+ZLSgLKN2s2FGyrOtiQ1EWztWqLm+lr3wa1F3VgAGsR7:SydwutCsab2scrD+EWhW+lr78sR4Q

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks