General

  • Target

    400c9c607756481252a7af2454dc1184049d6976063ea908c1f98564ffbe9d4a

  • Size

    989KB

  • Sample

    230711-2n1g6sca3w

  • MD5

    caa77db1d9e91c03420de42d0881b211

  • SHA1

    6adec40078a6253bbd06cbfa728ff4518355ac59

  • SHA256

    400c9c607756481252a7af2454dc1184049d6976063ea908c1f98564ffbe9d4a

  • SHA512

    aecb982c6ea0b3b875302fe39b0292624660463b57af51e97acf37c735f84f40512de6baec82e8fdfb357defb45a6cae4c9f6210719822e039f5c32bd3b45649

  • SSDEEP

    24576:1yl5k1tfjHfabqFIr8iHlOi6JIni5NWxlOhD:Q/qtrHf7C8oAirnCAxlO

Malware Config

Extracted

Family

redline

Botnet

kira

C2

77.91.68.48:19071

Attributes
  • auth_value

    1677a40fd8997eb89377e1681911e9c6

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks