General

  • Target

    41a7859d9b1994a0d3b960e28682f10d848738d1daf9a7eddc0060660b0f679c

  • Size

    929KB

  • Sample

    230901-jsbeqsdd8v

  • MD5

    d9ac40ce04249f9324e90c52cc3883e4

  • SHA1

    45bb638184fb72d9947225188d35d439d895372d

  • SHA256

    41a7859d9b1994a0d3b960e28682f10d848738d1daf9a7eddc0060660b0f679c

  • SHA512

    861e17d2e75b83e2721dc6339f23ff0966ce2868bc22c1119115e6b82f70d1ae4f1a918efa520e8262143ed3db8ba4bd1b5e3c619cd46cd850c203492154618c

  • SSDEEP

    24576:kyCNMMKmtyAYVKzDADsylVgnMGjQG08Ju9zuh:zzMKmgAYVKg4wxPGzg9zu

Malware Config

Extracted

Family

redline

Botnet

jang

C2

77.91.124.82:19071

Attributes

  • auth_value

    662102010afcbe9e22b13116b1c1a088

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application