Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    x2882564.exe

  • Size

    776KB

  • Sample

    231012-qwc63aec99

  • MD5

    b486e1aa15200a93443df9fcb1098c5e

  • SHA1

    ce2512432ef7f497863052da77f53cd1a827d86a

  • SHA256

    d489bb16bad16af7c57f9852a491fb82e94a9ab007fa85336ab33ca83773d893

  • SHA512

    423c73cf5f708e75faf6fdd406088ecb717639b503e02b9e0921274a8c1618fe3d228ef0b806e6a94c880eec3b75cc0f026304719ae11af7621ac6241b70d561

  • SSDEEP

    12288:qMrsy90EAUxhFHh+ny7B298BEhaSLXvJAjnfYjnAKywqxrgKCb90vDM2VwOCvj:SyDDY/8SFzvJUfYj+rDCSvDM1Z

Malware Config

Extracted

Family

redline

Botnet

vasha

C2

77.91.124.82:19071

Attributes
  • auth_value

    42fc61786274daca54d589b85a2c1954

Targets

    • Target

      x2882564.exe

    • Size

      776KB

    • MD5

      b486e1aa15200a93443df9fcb1098c5e

    • SHA1

      ce2512432ef7f497863052da77f53cd1a827d86a

    • SHA256

      d489bb16bad16af7c57f9852a491fb82e94a9ab007fa85336ab33ca83773d893

    • SHA512

      423c73cf5f708e75faf6fdd406088ecb717639b503e02b9e0921274a8c1618fe3d228ef0b806e6a94c880eec3b75cc0f026304719ae11af7621ac6241b70d561

    • SSDEEP

      12288:qMrsy90EAUxhFHh+ny7B298BEhaSLXvJAjnfYjnAKywqxrgKCb90vDM2VwOCvj:SyDDY/8SFzvJUfYj+rDCSvDM1Z

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks