General

  • Target

    8267fc2d8fc9f777dd58baf77636ac30180420438ddefb879eee5887b6657194

  • Size

    742KB

  • Sample

    230910-kd8mcsfh26

  • MD5

    6a63998eb6c3f93e1ae2b42def2fad00

  • SHA1

    c88b9e68bce79bc361c68a3412be4d2c2e609289

  • SHA256

    8267fc2d8fc9f777dd58baf77636ac30180420438ddefb879eee5887b6657194

  • SHA512

    c32353c92ec695e6d902fe5f5e1b48e181fb5e3bf768d4d7acfe24c2306916706551e6ff9dcbe3b1ece707ce81383d311139d4dbc9dfb6a6e948346439efe77d

  • SSDEEP

    12288:OMrqy906E5Z9oK/FPXDlaHDw9M3P/1bAoU5nGt0Jbn/0l57cDWpU4EHD+r:wyCz9oK/FbCUwX1EouxcYmr

Malware Config

Extracted

Family

redline

Botnet

virad

C2

77.91.124.82:19071

Attributes

  • auth_value

    434dd63619ca8bbf10125913fb40ca28

Targets

    • Target

      8267fc2d8fc9f777dd58baf77636ac30180420438ddefb879eee5887b6657194

    • Size

      742KB

    • MD5

      6a63998eb6c3f93e1ae2b42def2fad00

    • SHA1

      c88b9e68bce79bc361c68a3412be4d2c2e609289

    • SHA256

      8267fc2d8fc9f777dd58baf77636ac30180420438ddefb879eee5887b6657194

    • SHA512

      c32353c92ec695e6d902fe5f5e1b48e181fb5e3bf768d4d7acfe24c2306916706551e6ff9dcbe3b1ece707ce81383d311139d4dbc9dfb6a6e948346439efe77d

    • SSDEEP

      12288:OMrqy906E5Z9oK/FPXDlaHDw9M3P/1bAoU5nGt0Jbn/0l57cDWpU4EHD+r:wyCz9oK/FbCUwX1EouxcYmr

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks