General

  • Target

    4ba92c4c1427104fa0a351a9c495d3b489750af658ebaf00f2cb482d2945715c

  • Size

    389KB

  • Sample

    230719-25v9sabf62

  • MD5

    26a312d79214d0a1f7ae79436fc0d08c

  • SHA1

    8b1e66d7fcde8f1bc3878ad8ef0485c84c33c462

  • SHA256

    4ba92c4c1427104fa0a351a9c495d3b489750af658ebaf00f2cb482d2945715c

  • SHA512

    583c51ff82d8d79d8a303d6b5a5b3719957723f50ce6714a177b476109ca3897ee02d41ee6ca1482af08feeaea2a6f5050bb6e963019013766926e0184ec6280

  • SSDEEP

    12288:cMrby90e+K7Y/p/io1Y7FcHeeFb3T3VJN3:ny4ywx1RJFb3T3F3

Malware Config

Extracted

Family

redline

Botnet

nasa

C2

77.91.68.68:19071

Attributes

  • auth_value

    6da71218d8a9738ea3a9a78b5677589b

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
