Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    fbca04734b90a5602dd684cd8208e4fe6c03d49d6ec3dcadc4632c7775320690

  • Size

    743KB

  • Sample

    230910-kx6bcafh6t

  • MD5

    b075b104b5a5e7c7eeb5a0efffa5c6e9

  • SHA1

    8674d67b9faf1f4d65b0ab687c18a96e47805d05

  • SHA256

    fbca04734b90a5602dd684cd8208e4fe6c03d49d6ec3dcadc4632c7775320690

  • SHA512

    8d019fb981c465007e2168b43e39d14e31cdb524f61f0c3e1f7b8b5ebcd8032fa5c7e502470771fc36d334118595fcf99cd13170a2cf3b37fd40b6234a652dcb

  • SSDEEP

    12288:lMrCy90gxO3hmLjmBd/hLK1rqwh3mJq5S1MnGEmm/+W5JOTV/841oiGfwmFxXfXF:bym3hemBVJOOwh3mJqBZzh5JOTh1offb

Malware Config

Extracted

Family

redline

Botnet

virad

C2

77.91.124.82:19071

Attributes
  • auth_value

    434dd63619ca8bbf10125913fb40ca28

Targets

    • Target

      fbca04734b90a5602dd684cd8208e4fe6c03d49d6ec3dcadc4632c7775320690

    • Size

      743KB

    • MD5

      b075b104b5a5e7c7eeb5a0efffa5c6e9

    • SHA1

      8674d67b9faf1f4d65b0ab687c18a96e47805d05

    • SHA256

      fbca04734b90a5602dd684cd8208e4fe6c03d49d6ec3dcadc4632c7775320690

    • SHA512

      8d019fb981c465007e2168b43e39d14e31cdb524f61f0c3e1f7b8b5ebcd8032fa5c7e502470771fc36d334118595fcf99cd13170a2cf3b37fd40b6234a652dcb

    • SSDEEP

      12288:lMrCy90gxO3hmLjmBd/hLK1rqwh3mJq5S1MnGEmm/+W5JOTV/841oiGfwmFxXfXF:bym3hemBVJOOwh3mJqBZzh5JOTh1offb

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks