General

  • Target: 594d73971666fa3abbfd0bf25b0ce18dcf95f1dee60ca7bf31d577b0a9da55cd
  • Size: 744KB
  • Sample: 230910-q1cq4ahe3x
  • MD5: 2c34a2398d16f17aa19cd83154203cf6
  • SHA1: fb4f06fc0b9260279a0f93eeb25031d178fd43c0
  • SHA256: 594d73971666fa3abbfd0bf25b0ce18dcf95f1dee60ca7bf31d577b0a9da55cd
  • SHA512: 670c6c71f9310dcef250c3e4e2b1643f71a519943e4b2a6fc8f3a51175dab1fad37baa9fde800cb304e70692d8dc010d400c5fadc971f293f4672379724d360c
  • SSDEEP: 12288:rMrwy90ioVxgH7XtXcNq5wLo6t2Mebkz8WLhza8cwhIMmaxgsK3kla53J1X0U:3y0YXtXcNPUo2bkLz5c4v+kli3fX0U

Malware Config

Extracted

Family: redline

Botnet: virad

C2: 77.91.124.82:19071

Attributes
  • auth_value: 434dd63619ca8bbf10125913fb40ca28

Targets

    • Target: 594d73971666fa3abbfd0bf25b0ce18dcf95f1dee60ca7bf31d577b0a9da55cd (hashes as listed under General above)

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks