Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    e64f15aafb19cc0c568c25aab4ed9e339e9948537882cdf2c6a22c53507fe930

  • Size

    1.3MB

  • Sample

    231012-rywa4aeb6v

  • MD5

    da1333144d8b061a48cb0401f52f2d3e

  • SHA1

    cedec8d21fdf51a8f95eee01f41fae764f5711f5

  • SHA256

    e64f15aafb19cc0c568c25aab4ed9e339e9948537882cdf2c6a22c53507fe930

  • SHA512

    65d679934febb8fccceedfb5436fa535482f8e1c43adf1b712481deed328a628fac1188ec8ff743996e3e9099f0bde8b7dfa1721e4cdc55b042c6337ed9d07fd

  • SSDEEP

    24576:3Ld650qMgM/k/Q1ZaKjeeNfmdPvnQD9hUUpeN2RK9kvI7AfCSrHqMdxQs:s50q/M/k/oZaKjeeA9vQD7Dq2RJ2AfCY

Malware Config

Extracted

Family

redline

Botnet

vasha

C2

77.91.124.82:19071

Attributes
  • auth_value

    42fc61786274daca54d589b85a2c1954

Targets

    • Target

      e64f15aafb19cc0c568c25aab4ed9e339e9948537882cdf2c6a22c53507fe930

    • Size

      1.3MB

    • MD5

      da1333144d8b061a48cb0401f52f2d3e

    • SHA1

      cedec8d21fdf51a8f95eee01f41fae764f5711f5

    • SHA256

      e64f15aafb19cc0c568c25aab4ed9e339e9948537882cdf2c6a22c53507fe930

    • SHA512

      65d679934febb8fccceedfb5436fa535482f8e1c43adf1b712481deed328a628fac1188ec8ff743996e3e9099f0bde8b7dfa1721e4cdc55b042c6337ed9d07fd

    • SSDEEP

      24576:3Ld650qMgM/k/Q1ZaKjeeNfmdPvnQD9hUUpeN2RK9kvI7AfCSrHqMdxQs:s50q/M/k/oZaKjeeA9vQD7Dq2RJ2AfCY

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks