General

  • Target

    291a879997f29105dc599878aa6bf635eabcfaf97646413f2a4110614234d8ec

  • Size

    929KB

  • Sample

    231014-dvtq7sdd51

  • MD5

    d6dc032aaf1b9960207e19a67aa11a8f

  • SHA1

    bd6728c247061dba9bb1a39ee80f635bdb7d6ad1

  • SHA256

    291a879997f29105dc599878aa6bf635eabcfaf97646413f2a4110614234d8ec

  • SHA512

    d5ee33f59ae5d164c072285f85c50a7e67ae8dfb5528431806b605e0b84d6cb0c4a2f5a0f2fded9e89c0bc279e80c4f2aeb88fc9edb564ec7a972ad5f9916682

  • SSDEEP

    24576:KiuBtZKnzlIEuWq4j8ou7wH1q+ZDcI7G:BuBfKzKWq4aq1HtG

Malware Config

Extracted

Family

redline

Botnet

moner

C2

77.91.124.82:19071

Attributes

  • auth_value

    a94cd9e01643e1945b296c28a2f28707
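The extracted config above is the part of this report a defender will reuse: a single C2 endpoint (77.91.124.82:19071), a botnet tag (moner) and the sample's auth_value. The script below is an added example, not tria.ge code, showing how to turn that config into an exact-match IOC set, emit a Suricata rule for the endpoint, and hunt for contacts in connection logs. The Zeek-style log lines are constructed for the example, and the Suricata sid is a local-range placeholder.

```python
"""Turn the RedLine config from this report into network IOCs.

Added example (not from tria.ge).  The C2, botnet and auth_value come from the
Malware Config section; the log records and the Suricata sid are constructed.
"""
import ipaddress
from dataclasses import dataclass

# Values copied from the Malware Config section of this report.
REDLINE_CONFIG = {
    "family": "redline",
    "botnet": "moner",
    "c2": ["77.91.124.82:19071"],
    "auth_value": "a94cd9e01643e1945b296c28a2f28707",
}


@dataclass(frozen=True)
class C2Endpoint:
    ip: str
    port: int


def parse_c2(entries):
    """Split 'host:port' strings into validated endpoints.  rpartition keeps
    this correct if a config ever carries an IPv6 literal with colons."""
    endpoints = []
    for entry in entries:
        host, sep, port = entry.rpartition(":")
        if not sep:
            raise ValueError(f"no port in C2 entry: {entry!r}")
        ipaddress.ip_address(host)  # raises on anything that is not an IP
        endpoints.append(C2Endpoint(host, int(port)))
    return endpoints


def suricata_rule(cfg, endpoint, sid):
    """Emit a Suricata rule for outbound traffic to one C2 endpoint.
    sid is a placeholder in the local range; pick your own."""
    msg = (f"{cfg['family'].upper()} C2 botnet={cfg['botnet']} "
           f"auth_value={cfg['auth_value']}")
    return (f"alert tcp $HOME_NET any -> {endpoint.ip} {endpoint.port} "
            f"(msg:\"{msg}\"; flow:to_server; sid:{sid}; rev:1;)")


# Constructed Zeek conn.log style records (tab separated, subset of fields):
# ts, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto.  Not from the task.
CONSTRUCTED_CONN_LOG = """\
1697248001.123\t10.0.0.15\t49812\t77.91.124.82\t19071\ttcp
1697248002.456\t10.0.0.15\t49813\t142.250.74.78\t443\ttcp
1697248003.789\t10.0.0.22\t50120\t77.91.124.82\t80\ttcp
"""


def find_c2_connections(log_text, endpoints, ip_only=False):
    """Return connections whose responder matches a C2 endpoint.

    ip_only=True matches on address alone: it survives a port change by the
    operator but also fires on unrelated services hosted on the same IP, so
    treat those hits as lower confidence."""
    exact = {(ep.ip, ep.port) for ep in endpoints}
    ips = {ep.ip for ep in endpoints}
    hits = []
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) < 6:
            continue
        ts, orig_h, _orig_p, resp_h, resp_p, _proto = fields[:6]
        matched = resp_h in ips if ip_only else (resp_h, int(resp_p)) in exact
        if matched:
            hits.append({"ts": ts, "src": orig_h, "dst": f"{resp_h}:{resp_p}"})
    return hits


if __name__ == "__main__":
    eps = parse_c2(REDLINE_CONFIG["c2"])
    print(suricata_rule(REDLINE_CONFIG, eps[0], 1000001))
    for hit in find_c2_connections(CONSTRUCTED_CONN_LOG, eps):
        print("C2 contact:", hit)
```

In the constructed log the exact ip:port match flags one host; the IP-only mode also flags the 10.0.0.22 connection to port 80 on the same address, which is the trade-off the flag exists to make explicit.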

Targets

    • Target

      291a879997f29105dc599878aa6bf635eabcfaf97646413f2a4110614234d8ec

    • Size

      929KB

    • MD5

      d6dc032aaf1b9960207e19a67aa11a8f

    • SHA1

      bd6728c247061dba9bb1a39ee80f635bdb7d6ad1

    • SHA256

      291a879997f29105dc599878aa6bf635eabcfaf97646413f2a4110614234d8ec

    • SHA512

      d5ee33f59ae5d164c072285f85c50a7e67ae8dfb5528431806b605e0b84d6cb0c4a2f5a0f2fded9e89c0bc279e80c4f2aeb88fc9edb564ec7a972ad5f9916682

    • SSDEEP

      24576:KiuBtZKnzlIEuWq4j8ou7wH1q+ZDcI7G:BuBfKzKWq4aq1HtG

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
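Two of the signatures above, the Defender Real-time Protection change and the Run key, are the ones most worth turning into host detections, since they are what an endpoint sees before any C2 traffic. The script below is an added example, not tria.ge or Sysmon code, that applies rule-style checks to Sysmon Event ID 13 (RegistryEvent, value set) records. The report does not say which Real-Time Protection values this sample sets, so the value-name list is an assumption drawn from Defender's documented names; the events, image paths and value names in the sample data are constructed, not taken from the task.

```python
"""Host-side checks for two signatures in this report: Defender Real-Time
Protection tampering and Run key persistence.

Added example (not from tria.ge).  Events are constructed Sysmon Event ID 13
records using Sysmon's real field names (EventID, Image, TargetObject, Details).
"""
import re

# Which Real-Time Protection values the sample sets is not stated in the report;
# this list is an assumption covering Defender's documented value names under
# ...\Windows Defender\Real-Time Protection (both the Microsoft and Policies hives).
DEFENDER_RTP_RE = re.compile(
    r"\\Windows Defender\\Real-Time Protection\\"
    r"(DisableRealtimeMonitoring|DisableBehaviorMonitoring|DisableOnAccessProtection|"
    r"DisableIOAVProtection|DisableScanOnRealtimeEnable)$",
    re.IGNORECASE,
)
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$", re.IGNORECASE)
# Locations a dropped payload typically lives in; an assumption, not from the report.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData\\(Local|Roaming)|Temp|ProgramData|Public)\\", re.IGNORECASE)
DWORD_RE = re.compile(r"DWORD \(0x([0-9a-f]{8})\)", re.IGNORECASE)

# Constructed Sysmon Event ID 13 records.  Paths and names are made up.
CONSTRUCTED_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\dropper.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\dropper.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\dropper.exe",
     "TargetObject": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\payload",
     "Details": r"C:\Users\victim\AppData\Roaming\payload.exe"},
    # Benign: an installer under Program Files registering its own updater.
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorUpdater",
     "Details": r"C:\Program Files\Vendor\updater.exe"},
    # Benign: the value being written back to 0 (protection re-enabled).
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
]


def dword_value(details):
    """Parse Sysmon's 'DWORD (0x00000001)' rendering; None if not a DWORD."""
    m = DWORD_RE.fullmatch(details.strip())
    return int(m.group(1), 16) if m else None


def is_defender_rtp_tamper(ev):
    """Fires only when a Disable* value is set non-zero, not when it is cleared."""
    if ev["EventID"] != 13 or not DEFENDER_RTP_RE.search(ev["TargetObject"]):
        return False
    value = dword_value(ev["Details"])
    return value is not None and value != 0


def is_suspicious_run_key(ev):
    """Run key whose command, or the writer itself, lives in a user-writable path."""
    if ev["EventID"] != 13 or not RUN_KEY_RE.search(ev["TargetObject"]):
        return False
    return bool(USER_WRITABLE_RE.search(ev["Details"])
                or USER_WRITABLE_RE.search(ev["Image"]))


def triage(events):
    """Return (rule, writing image, registry path) for every event that fires."""
    findings = []
    for ev in events:
        if is_defender_rtp_tamper(ev):
            findings.append(("defender_rtp_tamper", ev["Image"], ev["TargetObject"]))
        if is_suspicious_run_key(ev):
            findings.append(("run_key_persistence", ev["Image"], ev["TargetObject"]))
    return findings


if __name__ == "__main__":
    for rule, image, target in triage(CONSTRUCTED_EVENTS):
        print(f"{rule}: {image} -> {target}")
```

Against the constructed events the two non-zero Defender writes and the Run key pointing into AppData fire; the vendor updater under Program Files and the write of 0 (protection re-enabled) do not. Requiring a non-zero DWORD matters because Defender's own processes rewrite these values, and alerting on every touch of the key would drown the real signal.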