General

  • Target

    b9a870a8b4629c8c440372cb65cde2684a4b46789042b445d6820a424f9ce25c.exe

  • Size

    569KB

  • Sample

    241111-bmfs9ssmen

  • MD5

    c83012884a276fc3170766c8ae5fc69c

  • SHA1

    afe3b1ab03d8b0b7546533bbfba089b3ea5c92e4

  • SHA256

    b9a870a8b4629c8c440372cb65cde2684a4b46789042b445d6820a424f9ce25c

  • SHA512

    4ee4623c7f86e136414edc8f3bb07f51be2850b1935401aa66e2db5543a41d50a8f7876b8ab60c885074742f86ceed7d209c227e443120150ed0d4a86022acd8

  • SSDEEP

    12288:FMrWy906ahimz7AuxqVlzCx3wjnQy8JYYBL0PUWm:zyPsVAuxYpCx38n78+WAPrm

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes

  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks