General

  • Target

    a500b971ebacac5bdf1d6a3c11a1a86ad1beb53f5d5c76734f6d02810edac9ac

  • Size

    754KB

  • Sample

    231012-mteekafh47

  • MD5

    828e0ed8997abebc44cdc8f2d330ff1b

  • SHA1

    9155992b31a36d926ba400837e380dedb1793746

  • SHA256

    a500b971ebacac5bdf1d6a3c11a1a86ad1beb53f5d5c76734f6d02810edac9ac

  • SHA512

    5b4d8eff80d2f3ebe545c1470a5932e9094f8e9be0d3a9e553ae00c2c5e1a4a865c5eb11d2387ee14563088ed6aa521e43a7244134723b63e83627cf24250cf2

  • SSDEEP

    12288:yMrsy90sbBONZtssZ+qgV/7z1FnasnGXIC4jVUUUlm6Elb6yDX:qytsgsZ+qg/RGGB0lIN6yDX

Malware Config

Extracted

Family

redline

Botnet

buben

C2

77.91.124.82:19071

Attributes
  • auth_value

    c62fa04aa45f5b78f62d2c21fcbefdec

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks