General

  • Target

    7f1729fd0325ff6ce383a3ce24810eec50f7143c062ac958ca67dcfe4e0ec604

  • Size

    828KB

  • Sample

    230828-d5zp7shb71

  • MD5

    124f290be8d18d42ca3e663c05f96a03

  • SHA1

    d9a546e3fc761ec2206039d68c3714618c132158

  • SHA256

    7f1729fd0325ff6ce383a3ce24810eec50f7143c062ac958ca67dcfe4e0ec604

  • SHA512

    8ebccc937567fedb167d09a0eea2fbb1fd9171a5190d1a542f8a25d735f90cff3e28b5d30fde5a8148d727d6ce341ea236e3d8f0ed5677d59d65b8f3de49e6b3

  • SSDEEP

    24576:uyuwj473lw3h5ToVj7TgxyZinDeU1fIf:9kZa8VLyiinf1w

Malware Config

Extracted

Family

redline

Botnet

stas

C2

77.91.124.82:19071

Attributes

  • auth_value

    db6d96c4eade05afc28c31d9ad73a73c

Targets

    • Target

      7f1729fd0325ff6ce383a3ce24810eec50f7143c062ac958ca67dcfe4e0ec604

    • Size

      828KB

    • MD5

      124f290be8d18d42ca3e663c05f96a03

    • SHA1

      d9a546e3fc761ec2206039d68c3714618c132158

    • SHA256

      7f1729fd0325ff6ce383a3ce24810eec50f7143c062ac958ca67dcfe4e0ec604

    • SHA512

      8ebccc937567fedb167d09a0eea2fbb1fd9171a5190d1a542f8a25d735f90cff3e28b5d30fde5a8148d727d6ce341ea236e3d8f0ed5677d59d65b8f3de49e6b3

    • SSDEEP

      24576:uyuwj473lw3h5ToVj7TgxyZinDeU1fIf:9kZa8VLyiinf1w

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
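
The behaviours the report flags for this sample (traffic to the extracted C2, tampering with Windows Defender real-time protection, and a Run key for persistence) are the ones worth hunting in endpoint telemetry once a sandbox has surfaced them. The block below is an added example and is not part of the tria.ge report or of Hatching's tooling: it runs those three checks over constructed Sysmon-style log lines. The key=value log format, the Defender registry value names in the watch list and the Run key path are assumptions for illustration; only the C2 address and port come from the report's extracted config.

```python
# Added example, not from the tria.ge report: hunt the report's flagged
# behaviours in endpoint logs. Log format, Defender value names and the Run
# key path are assumptions; the C2 host:port is from the extracted config.
import re
from collections import defaultdict

# IOC taken from the report's "Malware Config" section.
C2_HOST, C2_PORT = "77.91.124.82", 19071

# Registry values that control Defender real-time protection. The page does
# not say which one this Healer build touches, so this is a generic watch
# list (assumption), matched case-insensitively on the value name.
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableonaccessprotection",
    "disablescanonrealtimeenable",
    "disableioavprotection",
}

# Any value written under ...\CurrentVersion\Run\ (HKCU or HKLM).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)

# Constructed sample log lines (not real telemetry) in a simplified
# key=value Sysmon style: one network connect to the C2, one Defender
# policy write, one Run key write, plus two benign events as noise.
SAMPLE_LOG = """\
event=NetworkConnect image=C:\\Users\\u\\AppData\\Local\\Temp\\x.exe dst=77.91.124.82 dport=19071
event=RegistrySet target=HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring value=1
event=RegistrySet target=HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\x value=C:\\Users\\u\\AppData\\Local\\Temp\\x.exe
event=RegistrySet target=HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden value=1
event=NetworkConnect image=C:\\Windows\\System32\\svchost.exe dst=13.107.4.50 dport=443
"""


def parse_line(line):
    """Parse 'k=v k=v ...' into a dict.

    A value runs up to the next ' key=' token, so registry paths containing
    spaces (e.g. 'Windows Defender') are kept intact.
    """
    fields = {}
    for m in re.finditer(r"(\w+)=(.*?)(?=\s+\w+=|$)", line.strip()):
        fields[m.group(1)] = m.group(2)
    return fields


def classify(fields):
    """Return the names of the report's behaviours that one event matches."""
    hits = []
    ev = fields.get("event")
    if ev == "NetworkConnect":
        # Exact host:port match on the extracted C2; port alone is too noisy.
        if fields.get("dst") == C2_HOST and fields.get("dport") == str(C2_PORT):
            hits.append("redline_c2")
    elif ev == "RegistrySet":
        target = fields.get("target", "")
        value_name = target.rsplit("\\", 1)[-1].lower()
        if "windows defender" in target.lower() and value_name in DEFENDER_RTP_VALUES:
            hits.append("defender_rtp_modified")
        if RUN_KEY_RE.search(target):
            hits.append("run_key_persistence")
    return hits


def triage(log_text):
    """Map behaviour name -> list of raw log lines that triggered it."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        for name in classify(parse_line(line)):
            findings[name].append(line)
    return dict(findings)


if __name__ == "__main__":
    for name, lines in triage(SAMPLE_LOG).items():
        print(f"{name}: {len(lines)} event(s)")
        for raw in lines:
            print("   ", raw)
```

The Defender check keys on the value name rather than the full policy path because the same values can be written under the Policies hive (as here) or under the product's own key; the Run key match is deliberately limited to `Run\` and does not cover `RunOnce` or service-based persistence, which the report does not claim for this sample.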

MITRE ATT&CK Enterprise v15