General

  • Target

    de5bec25119dca426e3cf73b1296f08e9c3b750cc3478da2a60cda26c6eefa80

  • Size

    662KB

  • Sample

    241111-cgawhayrgw

  • MD5

    1d11602bd06c10aed6d7eb60366b0cd9

  • SHA1

    a4bb60bf5dfa83d2deeee99fffc89a8b8374356d

  • SHA256

    de5bec25119dca426e3cf73b1296f08e9c3b750cc3478da2a60cda26c6eefa80

  • SHA512

    48448f301be5c8c7af16bec68b46ed62c22270dbe5db98bcb732fbd1b13f5769077a178cf64b25f1a799df91d2e7d0501916cd88940ba024d453ef30a706fbef

  • SSDEEP

    12288:BMr6y90cuTknzzFsIiGsUmgelbCfY69g3BaHK82qfuOG/IMylz:HyLuTKzEGGuYs1HK82qfuOwYV

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      de5bec25119dca426e3cf73b1296f08e9c3b750cc3478da2a60cda26c6eefa80

    • Size

      662KB

    • MD5

      1d11602bd06c10aed6d7eb60366b0cd9

    • SHA1

      a4bb60bf5dfa83d2deeee99fffc89a8b8374356d

    • SHA256

      de5bec25119dca426e3cf73b1296f08e9c3b750cc3478da2a60cda26c6eefa80

    • SHA512

      48448f301be5c8c7af16bec68b46ed62c22270dbe5db98bcb732fbd1b13f5769077a178cf64b25f1a799df91d2e7d0501916cd88940ba024d453ef30a706fbef

    • SSDEEP

      12288:BMr6y90cuTknzzFsIiGsUmgelbCfY69g3BaHK82qfuOG/IMylz:HyLuTKzEGGuYs1HK82qfuOwYV

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
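The indicators above (file hashes, the RedLine C2 endpoint) and the behaviour signatures (Run-key persistence, Windows Defender Real-time Protection tampering) are what a responder turns into a hunt. The script below is an added example, not part of the Triage report or of any Triage tooling: it copies the report's hashes and C2 address as constants and matches them against file bytes, constructed connection-log lines, and constructed Sysmon-style registry lines. The log formats, the `Updater`/`svc.exe` names, and the `DisableRealtimeMonitoring` value name are assumptions for illustration; the report names the behaviours, not the exact values written.

```python
"""IOC matcher built from the Triage report above (added example, not the report's code).

Hashes and C2 endpoint are copied from the report. The connection-log and
registry lines below are constructed; the registry value names are assumptions.
"""
import hashlib
import re

# Indicators taken verbatim from the report.
SAMPLE_HASHES = {
    "md5": "1d11602bd06c10aed6d7eb60366b0cd9",
    "sha1": "a4bb60bf5dfa83d2deeee99fffc89a8b8374356d",
    "sha256": "de5bec25119dca426e3cf73b1296f08e9c3b750cc3478da2a60cda26c6eefa80",
    "sha512": "48448f301be5c8c7af16bec68b46ed62c22270dbe5db98bcb732fbd1b13f5769077a178cf64b25f1a799df91d2e7d0501916cd88940ba024d453ef30a706fbef",
}
C2_HOST, C2_PORT = "176.113.115.145", 4125

# Registry paths behind the "Adds Run key to start application" and
# "Modifies Windows Defender Real-time Protection settings" signatures.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
DEFENDER_RTP_RE = re.compile(r"\\Windows Defender\\Real-Time Protection\\", re.I)

# Constructed sample input (not from the report): one C2 hit, one benign, one same host/wrong port.
NETFLOW_SAMPLE = [
    "2024-11-11T10:02:13Z 10.0.0.15:49712 -> 176.113.115.145:4125 tcp",
    "2024-11-11T10:02:14Z 10.0.0.15:49713 -> 23.45.67.89:443 tcp",
    "2024-11-11T10:02:15Z 10.0.0.15:49714 -> 176.113.115.145:80 tcp",
]
# Constructed Sysmon-style registry events; value/file names are assumptions.
REGISTRY_SAMPLE = [
    r"SetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater = C:\Users\Public\svc.exe",
    r"SetValue HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = 1",
    r"SetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden = 1",
]


def file_hashes(data: bytes) -> dict:
    """Hash file bytes with the four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_sample(data: bytes) -> list:
    """Return the algorithms whose digest of `data` equals the report's value."""
    digests = file_hashes(data)
    return [name for name, value in SAMPLE_HASHES.items() if digests[name] == value]


def c2_connections(lines) -> list:
    """Return lines whose destination is exactly the report's C2 host:port.

    Expected (constructed) line shape: '<ts> <src>:<sport> -> <dst>:<dport> <proto>'.
    Same host on another port is deliberately not flagged.
    """
    hits = []
    for line in lines:
        m = re.search(r"->\s*(\d+\.\d+\.\d+\.\d+):(\d+)", line)
        if m and m.group(1) == C2_HOST and int(m.group(2)) == C2_PORT:
            hits.append(line)
    return hits


def registry_findings(lines) -> list:
    """Classify 'SetValue <path> = <data>' lines as persistence or Defender tampering."""
    findings = []
    for line in lines:
        if RUN_KEY_RE.search(line):
            findings.append(("run_key_persistence", line))
        elif DEFENDER_RTP_RE.search(line):
            findings.append(("defender_rtp_tamper", line))
    return findings


if __name__ == "__main__":
    with open(__file__, "rb") as fh:
        print("this script matches the sample:", matches_sample(fh.read()))
    for hit in c2_connections(NETFLOW_SAMPLE):
        print("C2 beacon:", hit)
    for kind, line in registry_findings(REGISTRY_SAMPLE):
        print(kind, "::", line)
```

Point `matches_sample` at a suspect file's bytes; the hash comparison is exact, so a repacked build of the same stealer will not match and the behavioural checks (Run key, Real-Time Protection values) are the part that generalises.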

MITRE ATT&CK Enterprise v15

Tasks