Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    fee1eb5968e3ced545781f6ad295bf012a14306e0ad1b5393f88146436ecf7c1

  • Size

    389KB

  • Sample

    230718-yektksdd62

  • MD5

    aea66679bedcf753c13e13d8b210d83e

  • SHA1

    8c565f552097ebf3589a0343cd2e1372492c7edd

  • SHA256

    fee1eb5968e3ced545781f6ad295bf012a14306e0ad1b5393f88146436ecf7c1

  • SHA512

    b9d0cf08768b626bd1879f78adc74228e3d4f6bbe870dc42d4a829decd77721af38c7d49bc2513a3fa7ec80e606d8550460a0120ee861d0d0767d7b0d903ad07

  • SSDEEP

    6144:K/y+bnr+/p0yN90QEqxXVwV6Zz9Xr7vh259GZYX8cIa8otBj+cP7F7ak:BMr3y90YxlNzh5OF8wj9FN

Malware Config

Extracted

Family

redline

Botnet

roma

C2

77.91.68.56:19071

Attributes
  • auth_value

    f099c2cf92834dbc554a94e1456cf576

Targets

    • Target

      fee1eb5968e3ced545781f6ad295bf012a14306e0ad1b5393f88146436ecf7c1

    • Size

      389KB

    • MD5

      aea66679bedcf753c13e13d8b210d83e

    • SHA1

      8c565f552097ebf3589a0343cd2e1372492c7edd

    • SHA256

      fee1eb5968e3ced545781f6ad295bf012a14306e0ad1b5393f88146436ecf7c1

    • SHA512

      b9d0cf08768b626bd1879f78adc74228e3d4f6bbe870dc42d4a829decd77721af38c7d49bc2513a3fa7ec80e606d8550460a0120ee861d0d0767d7b0d903ad07

    • SSDEEP

      6144:K/y+bnr+/p0yN90QEqxXVwV6Zz9Xr7vh259GZYX8cIa8otBj+cP7F7ak:BMr3y90YxlNzh5OF8wj9FN

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks