Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
d9ec9ad50b7994deb23ec63e7a9b326e3af5057e2f7698581ba33b471aea6794
-
Size
726KB
-
Sample
241109-nnyrpatdpj
-
MD5
bfdf82e3972423d1d00f37948ff838a6
-
SHA1
cdb8fc963bec7f444d156a661abd2b341c317017
-
SHA256
d9ec9ad50b7994deb23ec63e7a9b326e3af5057e2f7698581ba33b471aea6794
-
SHA512
463283fc5896e8c6327e7013502a71440261911a435d73b377a121b4f6b1f90b26b3f5e9d698d85a1b5de0250204c1bbcd545f40e39b38693bb8362c24dbfc64
-
SSDEEP
12288:hMrmy90HDAYwZRrofsCQgXURiAC5nO8ZDA6FKgof8MfUkC74TFcyqq8Fs2cx3+X:TyRYq8HXxAQrZDdcgof8MfZC8T2q9VxV
Malware Config
Extracted
redline
fukia
193.233.20.13:4136
-
auth_value
e5783636fbd9e4f0cf9a017bce02e67e
Targets
-
-
Target
d9ec9ad50b7994deb23ec63e7a9b326e3af5057e2f7698581ba33b471aea6794
-
Size
726KB
-
MD5
bfdf82e3972423d1d00f37948ff838a6
-
SHA1
cdb8fc963bec7f444d156a661abd2b341c317017
-
SHA256
d9ec9ad50b7994deb23ec63e7a9b326e3af5057e2f7698581ba33b471aea6794
-
SHA512
463283fc5896e8c6327e7013502a71440261911a435d73b377a121b4f6b1f90b26b3f5e9d698d85a1b5de0250204c1bbcd545f40e39b38693bb8362c24dbfc64
-
SSDEEP
12288:hMrmy90HDAYwZRrofsCQgXURiAC5nO8ZDA6FKgof8MfUkC74TFcyqq8Fs2cx3+X:TyRYq8HXxAQrZDdcgof8MfZC8T2q9VxV
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1