General

  • Target

    2d9ca96b41ffce9394e57c3aad6bc9eecc473a0b6a6a2655193fb5eb796ac9bb

  • Size

    929KB

  • Sample

    230830-a3a3aabh5x

  • MD5

    0d8297ec2033094e78713250a9220035

  • SHA1

    cd37241dba9fc9e3dddc194be939abec1fb5730a

  • SHA256

    2d9ca96b41ffce9394e57c3aad6bc9eecc473a0b6a6a2655193fb5eb796ac9bb

  • SHA512

    c77a42c3f9310a8d250e5717ebf6153e373463adb722160f9ca62f3c1351c0e4048f3cd5f44db7222db3d39d345eada5686c0be3041c0cf0cbf44d38b56946b5

  • SSDEEP

    24576:zy/4V6xkaHDy0n/Y9lvJMIaCV+pzE4ICw:GbxB/Y9IIaCV+pzE4

Malware Config

Extracted

Family

redline

Botnet

sruta

C2

77.91.124.82:19071

Attributes

  • auth_value

    c556edcd49703319eca74247de20c236

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
