General

  • Target: d11b917059b1e85e6e816885c654c6bd9a2a878d05a3ba821bf3bc45baef410b
  • Size: 930KB
  • Sample: 231014-esd4eaga8v
  • MD5: 4697b533d9be35351f1742bb0fa26f94
  • SHA1: 06fcdb6fd8172cbcbd27ebb340905d989630475b
  • SHA256: d11b917059b1e85e6e816885c654c6bd9a2a878d05a3ba821bf3bc45baef410b
  • SHA512: 93ed2e98d76da352f8c83a1142c11bbcf3ebcf79e38d140fbae14fc1c4a719d8b39bd9fa732de02f09a1273bc9782e9a710c7b40a3f1356acaf411cf8e05a459
  • SSDEEP: 12288:gl//yfYb5BIQZVtvffdXWOW1kyOqJ6xM1FKGv4YVnGGwfZhi7p6gA2ni5BVObHWM:YiuBtZvfdGOUkM1fnwG6gAzV+HWi7

Malware Config

Extracted

  • Family: redline
  • Botnet: moner
  • C2: 77.91.124.82:19071
  • Attributes
    • auth_value: a94cd9e01643e1945b296c28a2f28707

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks