Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    b3fe7b1632df8612e97952cc63a296871fb2644a0e890aa8b2369131cdc108ee

  • Size

    930KB

  • Sample

    231014-cxtnjsdg49

  • MD5

    188b21bc63faad7b1b3c33af8fe7ba06

  • SHA1

    6dbfff80152b0af2473b754c773cc1ccfe63ea49

  • SHA256

    b3fe7b1632df8612e97952cc63a296871fb2644a0e890aa8b2369131cdc108ee

  • SHA512

    490fd7b24912c4267ed4944e2b35eb060713e97a5b5f2ee3e2b4173f5dd06c3e542167213a5dccea16e32a426c1539fd1e260550e63699adc1ac873767d1a831

  • SSDEEP

    24576:riuBtZGSCFbMmswAMRhEoQlgtSLv1tgkQU4:euBfGSS1sDMRhaGSLv13QU4

Malware Config

Extracted

Family

redline

Botnet

moner

C2

77.91.124.82:19071

Attributes
  • auth_value

    a94cd9e01643e1945b296c28a2f28707

Targets

    • Target

      b3fe7b1632df8612e97952cc63a296871fb2644a0e890aa8b2369131cdc108ee

    • Size

      930KB

    • MD5

      188b21bc63faad7b1b3c33af8fe7ba06

    • SHA1

      6dbfff80152b0af2473b754c773cc1ccfe63ea49

    • SHA256

      b3fe7b1632df8612e97952cc63a296871fb2644a0e890aa8b2369131cdc108ee

    • SHA512

      490fd7b24912c4267ed4944e2b35eb060713e97a5b5f2ee3e2b4173f5dd06c3e542167213a5dccea16e32a426c1539fd1e260550e63699adc1ac873767d1a831

    • SSDEEP

      24576:riuBtZGSCFbMmswAMRhEoQlgtSLv1tgkQU4:euBfGSS1sDMRhaGSLv13QU4

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks