General

  • Target

    edf02850ec85408c916b54f9598444504ae97ed1790dd2629b5a258d57552690

  • Size

    825KB

  • Sample

    230829-mvk9hafa4y

  • MD5

    78c7c1b9bf75ecf365ef00f7438671bb

  • SHA1

    c6da61f55d033ac2deb3a89f54b4ec9b7e36d94d

  • SHA256

    edf02850ec85408c916b54f9598444504ae97ed1790dd2629b5a258d57552690

  • SHA512

    75bb016db995383c8d11e6715beca615f55575dfb9729bd975a0807c1347b013c68034eedfd6287e2d4d24d0bc9ccdcb71fd3ef95800f31d99d41533a14ac883

  • SSDEEP

    12288:PMroy907xHt0DSDiZHZwwCtXnN/+N5uK220Z0jt3kImcmBK3QQfEMU0ZmpX9OJF9:/y68BHZwVr1viR7tmIQQfEkONUF9

Malware Config

Extracted

Family

redline

Botnet

stas

C2

77.91.124.82:19071

Attributes

  • auth_value

    db6d96c4eade05afc28c31d9ad73a73c

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
