General

  • Target

    7b1bf70120dc9fc14cbe1686d874a5e9aff93621e115b49c83426b832d19fc67

  • Size

    743KB

  • Sample

    230910-ljhtkaga51

  • MD5

    3de30b70741c9f60f36fb42382579a91

  • SHA1

    4e8c78c970719a6dea94e865535c4606219cabfc

  • SHA256

    7b1bf70120dc9fc14cbe1686d874a5e9aff93621e115b49c83426b832d19fc67

  • SHA512

    31396de6aa7d10657a05849a395b430e9dfbe1dee1e8cf0451a1d16b628325fd15f7e780b1d47148d8fb8c1aa0ad434a6021edbf8e38da87b8a245827ccea1b0

  • SSDEEP

    12288:xMrSy90Pc6V0zMCgYl1XhwVi9bEPIDdaBBQoDSnhyasB3:zy8FV1RMOVieADQJDcYXB3

Malware Config

Extracted

Family

redline

Botnet

virad

C2

77.91.124.82:19071

Attributes
  • auth_value

    434dd63619ca8bbf10125913fb40ca28

Targets

    • Target

      7b1bf70120dc9fc14cbe1686d874a5e9aff93621e115b49c83426b832d19fc67

    • Size

      743KB

    • MD5

      3de30b70741c9f60f36fb42382579a91

    • SHA1

      4e8c78c970719a6dea94e865535c4606219cabfc

    • SHA256

      7b1bf70120dc9fc14cbe1686d874a5e9aff93621e115b49c83426b832d19fc67

    • SHA512

      31396de6aa7d10657a05849a395b430e9dfbe1dee1e8cf0451a1d16b628325fd15f7e780b1d47148d8fb8c1aa0ad434a6021edbf8e38da87b8a245827ccea1b0

    • SSDEEP

      12288:xMrSy90Pc6V0zMCgYl1XhwVi9bEPIDdaBBQoDSnhyasB3:zy8FV1RMOVieADQJDcYXB3

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks