General

  • Target

    b50c453d7d8938e018801c0db09cd812e47f3fd767fdcc49a53d8ef977ce9574

  • Size

    929KB

  • Sample

    230831-tb2wgagb27

  • MD5

    cc9fb2fb50a7d5215940b77050b1d06c

  • SHA1

    9a3074786fac91cdcc963898d0cadd39f02f020d

  • SHA256

    b50c453d7d8938e018801c0db09cd812e47f3fd767fdcc49a53d8ef977ce9574

  • SHA512

    f1cfd017cf4a9bd57e916cafbad3023c432f35c245e082ae026a602ee8f21aeccac67e344ffd426430b29af1b377cfe3e97fbc220d82e3990875bc15de109081

  • SSDEEP

    12288:4MrCy90FvWjXmJwze2bP7caM5g63suFkz1ky0s+JLS2FybytC/4bpz1JPiPd34Dy:KyAvWjPS0caEkJkvs+pOLkdLPw3fD

Malware Config

Extracted

Family

redline

Botnet

jang

C2

77.91.124.82:19071

Attributes

  • auth_value

    662102010afcbe9e22b13116b1c1a088

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
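
The extracted config above gives a concrete C2 endpoint (77.91.124.82:19071) and the signature list names three host-side behaviours: Defender real-time protection tampering, execution of a dropped EXE and Run-key persistence. The script below is an added example, not part of the tria.ge report, showing how a responder would turn those indicators into checks over endpoint telemetry. The Sysmon-style events are constructed for the example, and the Windows Defender policy value names (DisableRealtimeMonitoring and friends) and the user-writable-path heuristic for Run keys are assumptions based on commonly observed tampering, not details the report states.

```python
"""Added example: match host telemetry against this report's indicators.

The C2 endpoint and sample hash come from the report. The Sysmon-style
events below are constructed for the example, and the Defender registry
value names are an assumption based on commonly observed tampering, not
something the report states.
"""
import re
from collections import Counter
from dataclasses import dataclass

# From the report (Malware Config / General).
C2_HOST = "77.91.124.82"
C2_PORT = 19071
SAMPLE_SHA256 = "b50c453d7d8938e018801c0db09cd812e47f3fd767fdcc49a53d8ef977ce9574"

# Assumed (not from the report): policy values that switch off Defender
# real-time protection when set to 1.
DEFENDER_RTP_KEY = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableIOAVProtection",
    "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
}
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
# Heuristic (assumption): autostart entries that launch from user-writable paths.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|ProgramData|Public)\\", re.I)


@dataclass(frozen=True)
class Finding:
    rule: str
    event_index: int
    detail: str


def check_event(index, ev):
    """Return the findings for one event dict with Sysmon-like fields."""
    findings = []
    kind = ev.get("type")
    if kind == "process_create":
        if ev.get("sha256", "").lower() == SAMPLE_SHA256:
            findings.append(Finding("known_sample_executed", index, ev["image"]))
    elif kind == "network_connect":
        # Only the exact host:port pair from the extracted config counts.
        if ev.get("dst_ip") == C2_HOST and int(ev.get("dst_port", 0)) == C2_PORT:
            findings.append(Finding("redline_c2_connect", index,
                                    f"{ev['image']} -> {C2_HOST}:{C2_PORT}"))
    elif kind == "registry_set":
        target = ev.get("target", "")
        key, _, value = target.rpartition("\\")
        data = ev.get("data", "")
        # Sysmon renders DWORD data as "DWORD (0x00000001)".
        if (key.lower() == DEFENDER_RTP_KEY.lower() and value in DEFENDER_RTP_VALUES
                and data == "DWORD (0x00000001)"):
            findings.append(Finding("defender_rtp_disabled", index,
                                    f"{value}=1 by {ev['image']}"))
        if RUN_KEY_RE.search(target) and USER_WRITABLE_RE.search(data):
            findings.append(Finding("run_key_persistence", index, f"{value} -> {data}"))
    return findings


def triage(events):
    """Run every event through check_event and return all findings in order."""
    out = []
    for i, ev in enumerate(events):
        out.extend(check_event(i, ev))
    return out


def summarize(findings):
    """Count findings per rule name."""
    return dict(Counter(f.rule for f in findings))


# Constructed events for the example; paths and file names are made up.
SAMPLE_EVENTS = [
    {"type": "process_create", "image": r"C:\Users\alice\Downloads\setup.exe",
     "sha256": SAMPLE_SHA256.upper()},
    {"type": "registry_set", "image": r"C:\Users\alice\AppData\Local\Temp\a1.exe",
     "target": DEFENDER_RTP_KEY + r"\DisableRealtimeMonitoring",
     "data": "DWORD (0x00000001)"},
    {"type": "registry_set", "image": r"C:\Users\alice\Downloads\setup.exe",
     "target": r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001"
               r"\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "data": r"C:\Users\alice\AppData\Roaming\updater.exe"},
    {"type": "network_connect", "image": r"C:\Users\alice\AppData\Roaming\updater.exe",
     "dst_ip": C2_HOST, "dst_port": 19071},
    # Look-alikes that must not fire: same host on another port, a Run entry
    # under Program Files, and the policy value being reset to 0.
    {"type": "network_connect", "image": r"C:\Windows\System32\svchost.exe",
     "dst_ip": C2_HOST, "dst_port": 443},
    {"type": "registry_set", "image": r"C:\Program Files\Vendor\install.exe",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "data": r"C:\Program Files\Vendor\tray.exe"},
    {"type": "registry_set", "image": r"C:\Windows\System32\gpupdate.exe",
     "target": DEFENDER_RTP_KEY + r"\DisableRealtimeMonitoring",
     "data": "DWORD (0x00000000)"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{f.rule}] event {f.event_index}: {f.detail}")
```

The C2 match is deliberately exact on host and port, since a shared hosting address can carry unrelated traffic; the Run-key rule is a heuristic and its hits still need review against known-good software.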