General

  • Target

    b51efcb9377d2df51a9bd31bfdb540a9.exe

  • Size

    806KB

  • Sample

    230710-kvnnhsac6z

  • MD5

    b51efcb9377d2df51a9bd31bfdb540a9

  • SHA1

    326569498f9deda2d5c0c154b558e017b6a33e43

  • SHA256

    c67129b336a4c8cea90b36eafcf4c2cd3084cefefc649e7c62e5890522e7a4ab

  • SHA512

    e5f43a23f1966e3eef9935ba8c1bb037ad35c6f01e8ea2b7cf65a6c7795110303f8f791aaaf050c81ff0e6fedd688012dd5c1c6b56d310e4b1f787cb3278aca5

  • SSDEEP

    12288:Tg4roz477H7ePyhORCJUjG/YSnGNtKBYeGE/4fBQLUJF/O2DiEG7:3K47XwFNhS4H/E/4fBS6GYi1

Malware Config

Extracted

Family

redline

Botnet

masha

C2

77.91.68.48:19071

Attributes

  • auth_value

    55b9b39a0dae383196a4b8d79e5bb805

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
