General

  • Target

    487635cfb8962a1ec4487beb1c5efb05e5b0c8ef06990b7fcaa9d9eb71ee0d5a

  • Size

    742KB

  • Sample

    230910-j835paff9x

  • MD5

    ab0dd0b34bd72658155b00849b1e87c8

  • SHA1

    5a366a3c32ab4093bb92301d9f6164ffdc7ff23a

  • SHA256

    487635cfb8962a1ec4487beb1c5efb05e5b0c8ef06990b7fcaa9d9eb71ee0d5a

  • SHA512

    e310f2953a6f9eb821f6ce892d85efe0b04d425d22ef80dbb6b6db0f090095c59e3be6ae87ed11fa4043ce54bf71a6da35dc0b1c95f9e8887b3ef43b6f215737

  • SSDEEP

    12288:3Mrvy90Jfhnscl8PodFgKxbl3tGUqnOF8Tf/g6Prtfivx85W1:4yqdCKxbNAbjtfiv6i

Malware Config

Extracted

Family

redline

Botnet

virad

C2

77.91.124.82:19071

Attributes

  • auth_value

    434dd63619ca8bbf10125913fb40ca28

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
