General

  • Target

    68725cf954f50e458692871aa788d5fcc1767c49346fa549a131173471190d52

  • Size

    661KB

  • Sample

    241109-hj8s7sypgw

  • MD5

    e34a14c1904b0a2fb0a9f5269e5ad332

  • SHA1

    185f41f8b2538b782e89e06d654b2dac48ccdf01

  • SHA256

    68725cf954f50e458692871aa788d5fcc1767c49346fa549a131173471190d52

  • SHA512

    2bcc32e7a7cb261b0940111e7948ec1bb0056fc093f9ea21223464483c42aa0a7b10e70f077d46e8d1edf701bb7fdd094b94f4d8ff3cec6fd7a766f3f89bd457

  • SSDEEP

    12288:WMrEy90HUj7+YecDg+UKnvcC7ZE4qlJCsGz4I3piAJVdKJqIwdfBb6:GyN7aKnvjZExlJgz4I7VMJqvdJm

Malware Config

Extracted

Family

redline

Botnet

norm

C2

77.91.124.145:4125

Attributes

  • auth_value

    1514e6c0ec3d10a36f68f61b206f5759

Extracted

Family

redline

Botnet

droz

C2

77.91.124.145:4125

Attributes

  • auth_value

    d099adf6dbf6ccb8e16967104280634a

Targets

    • Target

      68725cf954f50e458692871aa788d5fcc1767c49346fa549a131173471190d52

    • Size

      661KB

    • MD5

      e34a14c1904b0a2fb0a9f5269e5ad332

    • SHA1

      185f41f8b2538b782e89e06d654b2dac48ccdf01

    • SHA256

      68725cf954f50e458692871aa788d5fcc1767c49346fa549a131173471190d52

    • SHA512

      2bcc32e7a7cb261b0940111e7948ec1bb0056fc093f9ea21223464483c42aa0a7b10e70f077d46e8d1edf701bb7fdd094b94f4d8ff3cec6fd7a766f3f89bd457

    • SSDEEP

      12288:WMrEy90HUj7+YecDg+UKnvcC7ZE4qlJCsGz4I3piAJVdKJqIwdfBb6:GyN7aKnvjZExlJgz4I7VMJqvdJm

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks