General

  • Target: 3efa046fb6cb01db908301b5ab6a0e454f0f4f979895fe323f5a0ebb3531d498
  • Size: 912KB
  • Sample: 241111-btrt4syhpj
  • MD5: 9e6966f846b67c695f96b94eb29bd208
  • SHA1: 02e83908979c5d590ebdb9b2b6c4671cafc99945
  • SHA256: 3efa046fb6cb01db908301b5ab6a0e454f0f4f979895fe323f5a0ebb3531d498
  • SHA512: d9073d740114416528b58c94e357fd6162107c739d8145890532cd0d9b62c7a769b8f3392d10d92ce185e119b3eac6c6938e8bd7ee700c7233ed853521869826
  • SSDEEP: 24576:kyF544raxxt07WTEkfpnKY/ZkyrybsokHewwGySh:z7da3t+WhlKY/Zk/QoAei

Malware Config

Extracted

  • Family: redline
  • Botnet: dark
  • C2: 185.161.248.73:4164
  • Attributes
      • auth_value: ae85b01f66afe8770afeed560513fc2d

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks