General

  • Target

    c33db0df2a0ba843176dfaf8a0277f9e3640056dd9539d56103929bc46b9bf08

  • Size

    930KB

  • Sample

    230901-fvyfhach56

  • MD5

    4eed99a25e71ac5564127defdb2ba0d4

  • SHA1

    96e7d6aabe5dd29ccc47b92038b50fd2f1a04bf2

  • SHA256

    c33db0df2a0ba843176dfaf8a0277f9e3640056dd9539d56103929bc46b9bf08

  • SHA512

    c34447641117c72c9ca9581485a8ea11a3f2f5c210fb404063b46a9027628059865ebcf3025fd4c371b2634998bfc6931a0c216b324a03cf5c789e43669bb2ca

  • SSDEEP

    24576:ByXAxGYxE5zFEBeBX8PMIVQh0yoxhDPOB3G5t:0XJYxiFEeX8PpTN5Wc5

Malware Config

Extracted

Family

redline

Botnet

jang

C2

77.91.124.82:19071

Attributes
  • auth_value

    662102010afcbe9e22b13116b1c1a088

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application