General

  • Target

    ff6e66003ed52c6be563ba7a8d6470735770135863e7ea3e6950b9883bdfc4bb

  • Size

    388KB

  • Sample

    230718-rmlyaabh61

  • MD5

    c7aabe1fbaa80e3159dbb6ef29396860

  • SHA1

    696e24c28afa08e6d1bd9b6745f4bff3846986c5

  • SHA256

    ff6e66003ed52c6be563ba7a8d6470735770135863e7ea3e6950b9883bdfc4bb

  • SHA512

    a5a84e0e8898937b0e8c285502717f157eac848d2bb35c8353d2b262c50892f86ea31d2209f188000846375d45872fdff238edb66d53ddba1372a50c5aba7a78

  • SSDEEP

    6144:KGy+bnr+wp0yN90QEawwwbwgaNmRAwcuQ9Ckz5o4QdUSI92P9JVyqMjD:OMroy908obwBsVm9CkzO4QdS9S9yz3

Malware Config

Extracted

Family

redline

Botnet

roma

C2

77.91.68.56:19071

Attributes
  • auth_value

    f099c2cf92834dbc554a94e1456cf576

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks