General

  • Target

    2b752caeb4c4d5d3d976a4f18bdbbe85a9d33e45248c42e9804a0e0a0be474ec

  • Size

    923KB

  • Sample

    230901-g7k7dach9z

  • MD5

    2a95892752ce9221e0e4dda530746b24

  • SHA1

    2df82dcd76c16bc7b30d6052d89e65bc17548365

  • SHA256

    2b752caeb4c4d5d3d976a4f18bdbbe85a9d33e45248c42e9804a0e0a0be474ec

  • SHA512

    6d6c44f6b4dfbc90923d12fbc30ebf9b087dd7286b352f2cd16c29fa812ce2f646f7462ef88547f749c152c85cae5a6a3856580f20c1ccc6d89b839db8825563

  • SSDEEP

    24576:OywszlydSyTFkcjPgdLPz2f6ay8NpY2z1B74Ec8aos:dkhFzP+LPD38NpY2JF4Ec8a

Malware Config

Extracted

Family

redline

Botnet

jang

C2

77.91.124.82:19071

Attributes
  • auth_value

    662102010afcbe9e22b13116b1c1a088

Targets

    • Target

      2b752caeb4c4d5d3d976a4f18bdbbe85a9d33e45248c42e9804a0e0a0be474ec

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
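
As an added example (not part of the tria.ge report or its tooling), the Python below turns the extracted RedLine config and the behavioural signatures listed above into detection logic and runs it over constructed log lines: a flow export, a file-hash inventory and Sysmon-style registry set events. The hashes, C2 socket and botnet ID are the report's own; the log formats, field names, file paths and host IPs are assumptions made for illustration. It also shows two edge cases a hunt should handle: traffic to the C2 host on a different port, and a Defender policy value being set back to 0.

```python
"""IOC and behaviour matching for the sample in the report above.

Added example: not code from tria.ge. Formats of the constructed inputs
(flow lines, inventory tuples, Sysmon-style registry events) are assumptions.
"""
import re

# Indicators copied from the report's General and Malware Config sections.
SAMPLE_HASHES = {
    "md5": "2a95892752ce9221e0e4dda530746b24",
    "sha1": "2df82dcd76c16bc7b30d6052d89e65bc17548365",
    "sha256": "2b752caeb4c4d5d3d976a4f18bdbbe85a9d33e45248c42e9804a0e0a0be474ec",
}
REDLINE_C2 = ("77.91.124.82", 19071)
REDLINE_BOTNET = "jang"
REDLINE_AUTH_VALUE = "662102010afcbe9e22b13116b1c1a088"  # config value, kept for reference

# Registry locations behind "Adds Run key to start application" and
# "Modifies Windows Defender Real-time Protection settings". The Defender
# value names are the documented Real-Time Protection policy values.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run\\", re.IGNORECASE)
DEFENDER_RTP_RE = re.compile(
    r"\\Windows Defender\\Real-Time Protection\\("
    r"DisableRealtimeMonitoring|DisableBehaviorMonitoring|DisableIOAVProtection|"
    r"DisableOnAccessProtection|DisableScanOnRealtimeEnable)$",
    re.IGNORECASE,
)
FLOW_RE = re.compile(r"^(\S+) (\S+):(\d+) -> (\S+):(\d+)")  # assumed flow-export layout


def match_network(lines):
    """Return (line_no, src_ip, tag) for flows to the C2 socket ('c2_socket')
    or to the C2 host on any other port ('c2_host')."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = FLOW_RE.match(line)
        if not m:
            continue
        dst = (m.group(4), int(m.group(5)))
        if dst == REDLINE_C2:
            hits.append((n, m.group(2), "c2_socket"))
        elif dst[0] == REDLINE_C2[0]:
            hits.append((n, m.group(2), "c2_host"))
    return hits


def match_hashes(inventory):
    """inventory: iterable of (path, algo, hexdigest). Return sorted paths whose
    digest (any algorithm, any case) equals one of the sample's hashes."""
    wanted = {v.lower() for v in SAMPLE_HASHES.values()}
    return sorted({path for path, _algo, digest in inventory if digest.lower() in wanted})


def _dword_value(details):
    """Parse Sysmon's 'DWORD (0x00000001)' rendering or a bare integer; None otherwise."""
    m = re.search(r"0x([0-9a-fA-F]+)", details)
    if m:
        return int(m.group(1), 16)
    return int(details) if details.strip().isdigit() else None


def match_registry(events):
    """events: dicts with 'TargetObject' and 'Details' (Sysmon Event ID 13 style).
    Return (tag, target, details) for Run-key writes and for Defender RTP
    values set to 1 (disabled); a value of 0 is not reported."""
    hits = []
    for ev in events:
        target = ev.get("TargetObject", "")
        details = str(ev.get("Details", ""))
        if RUN_KEY_RE.search(target):
            hits.append(("run_key_persistence", target, details))
        elif DEFENDER_RTP_RE.search(target) and _dword_value(details) == 1:
            hits.append(("defender_rtp_disabled", target, details))
    return hits


# Constructed inputs (not from the report); private 10.0.0.0/8 hosts are assumed.
CONSTRUCTED_FLOWS = [
    "2023-09-01T06:31:02Z 10.0.0.15:49713 -> 77.91.124.82:19071 tcp",
    "2023-09-01T06:31:05Z 10.0.0.15:49714 -> 93.184.216.34:443 tcp",
    "2023-09-01T06:31:09Z 10.0.0.22:51002 -> 77.91.124.82:443 tcp",
]
CONSTRUCTED_INVENTORY = [
    (r"C:\Users\user\AppData\Local\Temp\setup.exe", "sha256", SAMPLE_HASHES["sha256"]),
    (r"C:\Windows\System32\notepad.exe", "sha256", "0" * 64),
    (r"C:\Users\user\Downloads\a.exe", "md5", SAMPLE_HASHES["md5"].upper()),
]
CONSTRUCTED_REGISTRY_EVENTS = [
    {"TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\user\AppData\Roaming\updater.exe"},
    {"TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
    {"TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop",
     "Details": r"C:\Users\Public\Desktop"},
]


def summarize():
    """Run all three matchers over the constructed inputs."""
    return {
        "network": match_network(CONSTRUCTED_FLOWS),
        "files": match_hashes(CONSTRUCTED_INVENTORY),
        "registry": match_registry(CONSTRUCTED_REGISTRY_EVENTS),
    }


if __name__ == "__main__":
    for section, hits in summarize().items():
        print(section, *hits, sep="\n  ")
```

The socket match is the high-confidence indicator; the `c2_host` tag exists because stealer panels are frequently re-listened on another port, so a hunt keyed on the exact `ip:port` alone will miss the follow-on. Hash matching is case-insensitive and algorithm-agnostic because inventories from different tools disagree on both.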

MITRE ATT&CK Enterprise v15

Tasks