General

  • Target

    ed75d761135df1f00119df867a5558c582eafbd9078023e581691ecbd940cd4b

  • Size

    549KB

  • Sample

    241111-bngrysygqm

  • MD5

    e0483418ab2793e61ef36c4f009abb45

  • SHA1

    dffc0b54ea1bef41728694fb3404ed2549942d3b

  • SHA256

    ed75d761135df1f00119df867a5558c582eafbd9078023e581691ecbd940cd4b

  • SHA512

    99cd12795c1d6dc5792e7cfeb4e9fae651b28443d67976ee1fbcd26fa5317bd15af3c9fca0eb4160bb2169a72ff334a588a01c858d4ed3fa9b939914272b6c7b

  • SSDEEP

    12288:OMrCy90Vq9No+qm9p6UHofGf16yxwNjEMpXu8Xl1ipHRPFnS8F:YySwNo+v9UUHofK1HIjZuqKdS8F

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      ed75d761135df1f00119df867a5558c582eafbd9078023e581691ecbd940cd4b

    • Size

      549KB

    • MD5

      e0483418ab2793e61ef36c4f009abb45

    • SHA1

      dffc0b54ea1bef41728694fb3404ed2549942d3b

    • SHA256

      ed75d761135df1f00119df867a5558c582eafbd9078023e581691ecbd940cd4b

    • SHA512

      99cd12795c1d6dc5792e7cfeb4e9fae651b28443d67976ee1fbcd26fa5317bd15af3c9fca0eb4160bb2169a72ff334a588a01c858d4ed3fa9b939914272b6c7b

    • SSDEEP

      12288:OMrCy90Vq9No+qm9p6UHofGf16yxwNjEMpXu8Xl1ipHRPFnS8F:YySwNo+v9UUHofK1HIjZuqKdS8F

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks