General

  • Target

    608312e5a94be37df8805a0729a223eb5cbc5ed9d21225d617129a5cabb031d8

  • Size

    491KB

  • Sample

    241104-rqxh7a1gkk

  • MD5

    06c4bd51cbf51954b34d81b43bd144f2

  • SHA1

    e924fad84cc93ea850f632291b7a1692efd391f5

  • SHA256

    608312e5a94be37df8805a0729a223eb5cbc5ed9d21225d617129a5cabb031d8

  • SHA512

    4beecaa4ac861556d927ce0fbf9275b2938f0934c6c0c7d93807f88c0878e660bc6e2b864ae6de58b88963b3feaef7da82e51f6507a4b54d84e34ea0335f8edb

  • SSDEEP

    12288:hMryy90tNXA8J+H4kcg1msGSksfQ+Yy2LhROG:bywNm4eIsDkoQ+YUG

Malware Config

Extracted

Family

redline

Botnet

lade

C2

217.196.96.101:4132

Attributes

  • auth_value

    6e597bb53b7858f1eaca3f569cb16e1e

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
