General

  • Target

    c8eb9662199443eee0be998482cd9a6cd4bf9f0f115c04db6bae8f0816a9e7bf

  • Size

    3.1MB

  • Sample

    231014-amcwyafd9s

  • MD5

    89bb472642a708698b253b0fb0411322

  • SHA1

    bc20878f661e44565946338ba344388595bc7e0b

  • SHA256

    c8eb9662199443eee0be998482cd9a6cd4bf9f0f115c04db6bae8f0816a9e7bf

  • SHA512

    ad00df710f334fee08dc64d33a3e7742f313af866e9cdbcec0d9381d4dce2ee36687187c16f30bad663de27d66a31df96442ee4778f558c4e496252db7c70fb4

  • SSDEEP

    49152:g4ctSwHupD6ERas+6a3vDgHDuPUQknGKQIM0dhflElN3X6f:g4ctrEPSgHDW4nGC3flmNa

Malware Config

Extracted

Family

redline

Botnet

ramon

C2

77.91.124.82:19071

Attributes
  • auth_value

    3197576965d9513f115338c233015b40

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks