General

  • Target

    f6157c064ecddee58a9650d1912c9b7f143b389121016aaf35ea56386b28a1dd

  • Size

    930KB

  • Sample

    230831-kt5kmsdg4x

  • MD5

    be74152fea77c8c16369379ca5897b8e

  • SHA1

    d90a68fbfeef87f426ece1b534f8330e56346eb3

  • SHA256

    f6157c064ecddee58a9650d1912c9b7f143b389121016aaf35ea56386b28a1dd

  • SHA512

    0c0fc58a8d289a025c6dc329d3673bf93583f328502e5e070b5a90064e2f77a43b6ffead9ba64c564abd235e1fe273944f0c6dc48169d8a5901d186ac3995193

  • SSDEEP

    24576:/yHIRlA5c4ShnISiq7Kc7EdBm3Ax0woJbGhIm:KuAe9nracmBm3NwkG

Malware Config

Extracted

Family

redline

Botnet

sruta

C2

77.91.124.82:19071

Attributes
  • auth_value

    c556edcd49703319eca74247de20c236

Targets

    • Target

      f6157c064ecddee58a9650d1912c9b7f143b389121016aaf35ea56386b28a1dd

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
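
The behaviours listed above (Windows Defender real-time protection tampering, a Run key for persistence, and the connection to the extracted C2 at 77.91.124.82:19071) are the ones worth hunting for across a fleet once a sample like this is seen. The Python below is an added example written for this page; it is not Triage's detection logic or anything shipped with the sandbox. It runs over constructed Sysmon-style event lines and flags each of the three behaviours. Only the C2 address and port come from the report: the registry value names under the Defender Real-Time Protection key, the ATT&CK technique IDs, the file names, the SID and the benign rows are assumptions supplied here.

```python
"""
Hunt for the behaviours flagged on this sample: Windows Defender real-time
protection tampering, a Run key for persistence, and traffic to the extracted
RedLine C2. Input lines are CONSTRUCTED Sysmon-style records (key=value fields
joined with '|'), not logs from the sandbox run.
"""
import re
from dataclasses import dataclass

# Indicators taken directly from the report.
C2_IP = "77.91.124.82"
C2_PORT = "19071"

# Assumption: a Defender disabler sets one or more of these REG_DWORD values
# under a "...\Windows Defender\Real-Time Protection" key to 1. The report does
# not name the exact values, so this list is the analyst's, not Triage's.
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableonaccessprotection",
    "disablescanonrealtimeenable",
    "disableioavprotection",
}

# Matches HKCU/HKLM ...\CurrentVersion\Run and RunOnce (case-insensitive).
RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\", re.I)


@dataclass
class Finding:
    technique: str   # ATT&CK mapping supplied here; the report lists none
    image: str       # process that performed the action
    detail: str


def parse_event(line: str) -> dict:
    """Split 'EventID=13|Image=...|TargetObject=...' into a field dict."""
    return dict(field.split("=", 1) for field in line.strip().split("|"))


def check_event(ev: dict):
    """Return a Finding if the event matches one of the hunted behaviours, else None."""
    eid = ev.get("EventID")
    image = ev.get("Image", "")
    if eid == "13":  # Sysmon RegistryEvent: value set
        target = ev.get("TargetObject", "")
        details = ev.get("Details", "")
        value_name = target.rsplit("\\", 1)[-1].lower()
        # Only a write of 1 disables the feature; a write of 0 re-enables it.
        if ("windows defender" in target.lower()
                and value_name in DEFENDER_RTP_VALUES
                and "0x00000001" in details):
            return Finding("T1562.001 Disable or Modify Tools", image, target)
        if RUN_KEY_RE.search(target):
            return Finding("T1547.001 Registry Run Keys", image, f"{target} -> {details}")
    elif eid == "3":  # Sysmon NetworkConnect
        if ev.get("DestinationIp") == C2_IP and ev.get("DestinationPort") == C2_PORT:
            return Finding("RedLine C2 (botnet sruta)", image, f"{C2_IP}:{C2_PORT}")
    return None


def hunt(lines) -> list:
    """Run check_event over every non-empty line and collect the hits in order."""
    return [f for f in (check_event(parse_event(l)) for l in lines if l.strip()) if f]


# Constructed sample events: file names, SID and the two benign rows are invented.
SAMPLE_EVENTS = r"""
EventID=13|Image=C:\Users\user\AppData\Local\Temp\dropper.exe|TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring|Details=DWORD (0x00000001)
EventID=13|Image=C:\Users\user\AppData\Roaming\stealer.exe|TargetObject=HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\Updater|Details=C:\Users\user\AppData\Roaming\stealer.exe
EventID=13|Image=C:\Windows\explorer.exe|TargetObject=HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden|Details=DWORD (0x00000002)
EventID=3|Image=C:\Users\user\AppData\Roaming\stealer.exe|DestinationIp=77.91.124.82|DestinationPort=19071
EventID=3|Image=C:\Program Files\Browser\browser.exe|DestinationIp=198.51.100.7|DestinationPort=443
"""

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS.splitlines()):
        print(f"{f.technique:40} {f.image}\n    {f.detail}")
```

Against the constructed input the script returns exactly three findings: the Defender value set to 1, the Run key write, and the connection to the C2. The Explorer setting and the port 443 connection are left alone, as is a write of 0 to the same Defender value. The value list under DEFENDER_RTP_VALUES is the part to tune for a real environment; the report only says that real-time protection settings were modified, not which values were written.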
