General

  • Target

    a56cd0d8485df2f5277e1497db2b707db7373a90bb6b071ef93d6770ea981bbb

  • Size

    661KB

  • Sample

    241108-a3ltsatpek

  • MD5

    886b956f48f7fa103ff866aff8204ed5

  • SHA1

    a33edceb00879c55af5ba2e58f442b639057bf78

  • SHA256

    a56cd0d8485df2f5277e1497db2b707db7373a90bb6b071ef93d6770ea981bbb

  • SHA512

    be1a6371ed090d86b9e1169bb40fdfb789df5544b5e169ce976f108337cd725365bd1eb99a1a20e616e61e861e1e668e72ff6b41afe52eb7368a0da631cbf03c

  • SSDEEP

    12288:nMr6y90T/bO4gbHMlrlBP3cY4IWpihJZKUgih3tJRHjyBUK:RyP+lrlB0Y4Ivv1dWBh

Malware Config

Extracted

Family

redline

Botnet

norm

C2

77.91.124.145:4125

Attributes

  • auth_value

    1514e6c0ec3d10a36f68f61b206f5759

Extracted

Family

redline

Botnet

droz

C2

77.91.124.145:4125

Attributes

  • auth_value

    d099adf6dbf6ccb8e16967104280634a

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks