General

  • Target: b4c20fb62bd4928bde782b1eb4a893f30c5c83849967a51a9473093ebb8b384a
  • Size: 532KB
  • Sample: 241111-cc247azgpe
  • MD5: 5f29f3262913fb21d2f6990e042ea1c5
  • SHA1: 098541222a5316cdb4ebec8a1e6fd287365c9615
  • SHA256: b4c20fb62bd4928bde782b1eb4a893f30c5c83849967a51a9473093ebb8b384a
  • SHA512: 707ea7d3dbce0023fcf27ef2090b7466a93cfc5fbbad7de35ee0641d61f5aa8c44f8146bb880490bc40070f1cb586404edaf27d6e84eb8238d076d3bf7dbb811
  • SSDEEP: 12288:oMroy908elZw/3tF/rEp+ce4lT/BxYosHXGgWEN5bwilui9GrH9:wyAlWPtZie4tbPs3G8nbye4

Malware Config

Extracted

Family: redline

Botnet: rulit

C2: pedigj.eu:4162

Attributes
  • auth_value: f4df9ef56871d4ac883b282abaf635e0

Targets

    • Target: b4c20fb62bd4928bde782b1eb4a893f30c5c83849967a51a9473093ebb8b384a
    • Size: 532KB
    • MD5: 5f29f3262913fb21d2f6990e042ea1c5
    • SHA1: 098541222a5316cdb4ebec8a1e6fd287365c9615
    • SHA256: b4c20fb62bd4928bde782b1eb4a893f30c5c83849967a51a9473093ebb8b384a
    • SHA512: 707ea7d3dbce0023fcf27ef2090b7466a93cfc5fbbad7de35ee0641d61f5aa8c44f8146bb880490bc40070f1cb586404edaf27d6e84eb8238d076d3bf7dbb811
    • SSDEEP: 12288:oMroy908elZw/3tF/rEp+ce4lT/BxYosHXGgWEN5bwilui9GrH9:wyAlWPtZie4tbPs3G8nbye4

    • Detects Healer an antivirus disabler dropper
    • Healer: Healer, an antivirus disabler dropper.
    • Healer family
    • Modifies Windows Defender Real-time Protection settings
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Executes dropped EXE
    • Windows security modification
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks