General

  • Target

    88050edb4a0c073628d88b2d7ac9b33169e89d580404c391eb416c2d973601e2

  • Size

    930KB

  • Sample

    231014-cx6ywabh41

  • MD5

    2dfd9fd982fbf4cc8024e0516fadfb51

  • SHA1

    6f75d913aa14b7ccbe316325463e5d34e4c23843

  • SHA256

    88050edb4a0c073628d88b2d7ac9b33169e89d580404c391eb416c2d973601e2

  • SHA512

    cc80fc9a068bf5ca7512eb43b8d8ada6aa976ef49462e8596066920fb305da28f1b500428281917fe4dbb0335e3d2546dd62df4b9d3dca8e986b7ebd8f987f93

  • SSDEEP

    12288:E9//yfYb5BIQZVtR6Ar8OJuq/YDPfSQF3sPp+uptyodtqNpKZ2dsi+gI1PBAhKhS:EiuBtZc08OJpY/8PYHodtqfBKl1p/Kx

Malware Config

Extracted

Family

redline

Botnet

moner

C2

77.91.124.82:19071

Attributes

  • auth_value

    a94cd9e01643e1945b296c28a2f28707

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks