General

  • Target

    8db980d91bda0fe2a070c2618.exe

  • Size

    538KB

  • Sample

    230709-naernacf68

  • MD5

    0a6b3eb000b952d128586d34fd30426e

  • SHA1

    356351c1a03eb4635181be92810bc44f60a676e4

  • SHA256

    8db980d91bda0fe2a070c2618ea67f048334805d49fa5c7a1428f46f89e1b56a

  • SHA512

    c107d747b396227530223c8ccd774e91d1f8dcb518f822394e870066f8640a9e9b2347d6665fe2bd20188ebefd6230c6c765cecd3f1620baab26081d149106aa

  • SSDEEP

    6144:5Y15rR4hzwJB4INWQBS1ZpgINmiE9UO7o0FCpWUCDgTkpv4aKvuc2fSJam6wdUIx:5YF4iz4INWQBS/h3ZG/jv5KR2azZih

Malware Config

Extracted

Family

redline

Botnet

furod

C2

77.91.68.70:19073

Attributes
  • auth_value

    d2386245fe11799b28b4521492a5879d

Targets

    • Target

      8db980d91bda0fe2a070c2618.exe

    • Size

      538KB

    • MD5

      0a6b3eb000b952d128586d34fd30426e

    • SHA1

      356351c1a03eb4635181be92810bc44f60a676e4

    • SHA256

      8db980d91bda0fe2a070c2618ea67f048334805d49fa5c7a1428f46f89e1b56a

    • SHA512

      c107d747b396227530223c8ccd774e91d1f8dcb518f822394e870066f8640a9e9b2347d6665fe2bd20188ebefd6230c6c765cecd3f1620baab26081d149106aa

    • SSDEEP

      6144:5Y15rR4hzwJB4INWQBS1ZpgINmiE9UO7o0FCpWUCDgTkpv4aKvuc2fSJam6wdUIx:5YF4iz4INWQBS/h3ZG/jv5KR2azZih

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
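The signatures above (Defender Real-time Protection tampering, a Run key for persistence, dropped executables, and the extracted RedLine C2) are what a responder hunts for on a suspected host. The PowerShell below is an added host-triage script, not part of the tria.ge report or of the sample itself. It uses only the indicators printed in this report (the SHA256 and the C2 endpoint 77.91.68.70:19073); the scan directories are assumptions about common drop locations, and the C2 address may have rotated since the sandbox run, so a missing connection proves nothing.

```powershell
# Added triage script: checks a Windows host for the artifacts this report attributes
# to the sample. Run from an elevated prompt. Indicators come from the report above;
# the scan directories are assumptions, not something the report states.

$Sha256 = '8db980d91bda0fe2a070c2618ea67f048334805d49fa5c7a1428f46f89e1b56a'
$C2Ip   = '77.91.68.70'
$C2Port = 19073

# 1. Dropped executables: look for files matching the reported SHA256 in the
#    usual user-writable drop locations (assumed paths).
$scanDirs = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData)
Get-ChildItem -Path $scanDirs -Filter *.exe -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object {
        (Get-FileHash -Algorithm SHA256 -Path $_.FullName -ErrorAction SilentlyContinue).Hash -ieq $Sha256
    } |
    ForEach-Object { "[HASH MATCH] $($_.FullName)" }

# 2. Defender Real-time Protection policy values. A clean host normally has no
#    Real-Time Protection policy key at all; any Disable* value set to 1 turns a
#    protection component off, which is the tampering the report flags.
$rtpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
if (Test-Path $rtpKey) {
    (Get-ItemProperty -Path $rtpKey).PSObject.Properties |
        Where-Object { $_.Name -like 'Disable*' -and $_.Value -eq 1 } |
        ForEach-Object { "[DEFENDER POLICY] $($_.Name) = $($_.Value)" }
}
if (Get-Command Get-MpPreference -ErrorAction SilentlyContinue) {
    $mp = Get-MpPreference
    if ($mp.DisableRealtimeMonitoring) { "[DEFENDER] Real-time monitoring is disabled" }
}

# 3. Run-key persistence: dump every autostart entry so a dropped EXE stands out.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS' } |   # drop PSPath/PSDrive/... metadata
        ForEach-Object { "[RUN] $key\$($_.Name) -> $($_.Value)" }
}

# 4. Live TCP connection to the extracted C2, with the owning process.
Get-NetTCPConnection -RemoteAddress $C2Ip -RemotePort $C2Port -ErrorAction SilentlyContinue |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        "[C2] $($_.LocalAddress):$($_.LocalPort) -> $($_.RemoteAddress):$($_.RemotePort) pid=$($_.OwningProcess) ($($proc.ProcessName))"
    }
```

Treat a hash match or a Defender policy value as confirmation; treat the Run-key and connection output as leads that need a second look, since legitimate software also uses Run keys and the C2 endpoint in a months-old report is often dead by the time a host is examined. Note that the hash check only catches an unmodified copy of this exact file; a repacked build of the same RedLine payload would need the C2 and config indicators instead.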

MITRE ATT&CK Enterprise v6

Tasks