General

  • Target

    ee36d54ef8ac7ca3067f3f047c3e95727a6af2a82f77c499e889b5eebbe8da30

  • Size

    929KB

  • Sample

    230828-jfabxaha59

  • MD5

    bca07a88549aa5b88e6e6a96ae7ec882

  • SHA1

    ed0efc2c39acd1d53fdd19a7a7f6bc539d4a7734

  • SHA256

    ee36d54ef8ac7ca3067f3f047c3e95727a6af2a82f77c499e889b5eebbe8da30

  • SHA512

    defb4bb770520e7756f2d2ce048881645c21afb511ee312c842df8d9bc8979a7158e552f36cb9c9966c94a683d5c74f3da5ea7b29db9a6f26ef2f4c25f1b22f9

  • SSDEEP

    24576:Vy/MmzTGgUANylM0LN4d5q0iRh9MMdr1b7duQtz3UeB45CsfU:w/MYzUAYtqdk1Rh9MMLbd3Wg

Malware Config

Extracted

Family

redline

Botnet

stas

C2

77.91.124.82:19071

Attributes

  • auth_value

    db6d96c4eade05afc28c31d9ad73a73c

Targets

    • Target

      ee36d54ef8ac7ca3067f3f047c3e95727a6af2a82f77c499e889b5eebbe8da30

    • Size

      929KB

    • MD5

      bca07a88549aa5b88e6e6a96ae7ec882

    • SHA1

      ed0efc2c39acd1d53fdd19a7a7f6bc539d4a7734

    • SHA256

      ee36d54ef8ac7ca3067f3f047c3e95727a6af2a82f77c499e889b5eebbe8da30

    • SHA512

      defb4bb770520e7756f2d2ce048881645c21afb511ee312c842df8d9bc8979a7158e552f36cb9c9966c94a683d5c74f3da5ea7b29db9a6f26ef2f4c25f1b22f9

    • SSDEEP

      24576:Vy/MmzTGgUANylM0LN4d5q0iRh9MMdr1b7duQtz3UeB45CsfU:w/MYzUAYtqdk1Rh9MMLbd3Wg

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks