General

  • Target

    95d9bb990bb85cdecdc76c11a1b0159b35e3958d6eb7f10d3c58c720da8b29b1

  • Size

    389KB

  • Sample

    230719-prb8jaee34

  • MD5

    9be6610be653d29f1846dfabbb0b9796

  • SHA1

    7f414ffb2c37b21d48d8d7954ae0645328c83d5d

  • SHA256

    95d9bb990bb85cdecdc76c11a1b0159b35e3958d6eb7f10d3c58c720da8b29b1

  • SHA512

    746380c6e289026aeca2ac03a683073ccfb05ae9ff45e0801295540c800d19ceae9363896f6dd0392be2408fbd9ecf71664a2a14c27ba55d3ab06e2b2276ac83

  • SSDEEP

    6144:KIy+bnr+cp0yN90QE2C02lxr2XO93i0H2CtPaxGuWzIlQCYM:IMrUy90h02br2XcNwdAM

Malware Config

Extracted

  • Family

    redline

  • Botnet

    nasa

  • C2

    77.91.68.68:19071

  • Attributes

    auth_value: 6da71218d8a9738ea3a9a78b5677589b
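The extracted configuration gives two kinds of indicator a responder can act on immediately: the C2 endpoint (77.91.68.68:19071) and the file hashes listed under General. The Python below is an added example, not part of the Triage report, that turns those indicators into a check over constructed firewall-style log lines and a hash comparison for a file under investigation. The log format, timestamps and internal addresses are made up for the demonstration; the IP, port and hashes are the ones on this page. Connections to the C2 host on a different port are reported separately rather than dropped, because a port-only filter would miss a follow-up connection to the same server.

```python
"""IOC matching for the RedLine configuration extracted on this page.

Added example (not from Triage or the report). The indicator values are the
ones listed on this page; the log lines below are constructed.
"""
import hashlib
import ipaddress
import re
from dataclasses import dataclass

# Indicators taken from the report on this page.
C2_HOST = "77.91.68.68"
C2_PORT = 19071
KNOWN_HASHES = {
    "md5": "9be6610be653d29f1846dfabbb0b9796",
    "sha1": "7f414ffb2c37b21d48d8d7954ae0645328c83d5d",
    "sha256": "95d9bb990bb85cdecdc76c11a1b0159b35e3958d6eb7f10d3c58c720da8b29b1",
}

# Constructed firewall/netflow-style lines (hypothetical format):
# <timestamp> <src> -> <dst>:<port> <action>
SAMPLE_NETLOG = """\
2023-07-19T10:01:02Z 10.0.0.15 -> 77.91.68.68:19071 ALLOW
2023-07-19T10:01:05Z 10.0.0.15 -> 142.250.74.46:443 ALLOW
2023-07-19T10:02:11Z 10.0.0.22 -> 77.91.68.68:443 ALLOW
2023-07-19T10:03:40Z 10.0.0.15 -> 77.91.68.68:19071 DENY
"""

LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+) (\w+)$")


@dataclass(frozen=True)
class Hit:
    timestamp: str
    src: str
    dst: str
    port: int
    action: str
    exact: bool  # True when both IP and port match; False for an IP-only match


def match_c2(log_text: str, host: str = C2_HOST, port: int = C2_PORT) -> list[Hit]:
    """Return every parseable line whose destination is the C2 host.

    Lines with the right IP but another port are kept (exact=False) so a
    follow-up connection to the same server on a different port is not lost.
    Denied connections are reported too: a blocked beacon still means the
    host ran the sample.
    """
    target = ipaddress.ip_address(host)
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # constructed format: skip anything that does not parse
        ts, src, dst, dport, action = m.groups()
        try:
            if ipaddress.ip_address(dst) != target:
                continue
        except ValueError:
            continue  # hostname or garbage in the destination field
        hits.append(Hit(ts, src, dst, int(dport), action, int(dport) == port))
    return hits


def hash_matches(data: bytes, known: dict[str, str] = KNOWN_HASHES) -> dict[str, bool]:
    """Hash the bytes with every algorithm the report lists and compare each."""
    return {
        algo: hashlib.new(algo, data).hexdigest() == digest.lower()
        for algo, digest in known.items()
    }


if __name__ == "__main__":
    for h in match_c2(SAMPLE_NETLOG):
        kind = "C2 (exact)" if h.exact else "C2 host, other port"
        print(f"{h.timestamp} {h.src} -> {h.dst}:{h.port} {h.action}: {kind}")
    # Placeholder bytes, not the sample: every algorithm reports no match.
    print(hash_matches(b"not the sample"))
```

Feed `hash_matches` the bytes of a suspect file read in binary mode; a match on any one algorithm is sufficient for identification, while disagreement between algorithms would indicate a typo in the indicator list rather than a partial match.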

Targets

    • Target

      95d9bb990bb85cdecdc76c11a1b0159b35e3958d6eb7f10d3c58c720da8b29b1

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
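The signatures above describe behaviour rather than static indicators: the sample disables Defender real-time protection, persists through a Run key, and executes an EXE it has itself written. As an added example (not Triage's detection logic and not code from the report), the Python below applies those three rules to constructed Sysmon-style events (EventID 1 ProcessCreate, 11 FileCreate, 13 RegistryEvent). The process IDs, file paths and user SID are made up for the demonstration; the value names under the Real-Time Protection key are the real Defender policy values, and the dropped-then-executed rule correlates a FileCreate with a later ProcessCreate of the same path.

```python
"""Behavioural detection for the signatures Triage fired on this sample.

Added example, not from Triage or the report. Events below are constructed
in the shape of Sysmon EventID 1/11/13 records.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Real Defender policy value names under ...\Windows Defender\Real-Time Protection
RTP_VALUES = (
    "DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
    "DisableOnAccessProtection", "DisableScanOnRealtimeEnable",
    "DisableIOAVProtection",
)
RTP_RE = re.compile(
    r"\\SOFTWARE\\(?:Policies\\)?Microsoft\\Windows Defender\\Real-Time Protection\\("
    + "|".join(RTP_VALUES) + r")$", re.IGNORECASE)
RUN_RE = re.compile(
    r"\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\[^\\]+$", re.IGNORECASE)
DWORD_RE = re.compile(r"DWORD \(0x([0-9a-f]{8})\)", re.IGNORECASE)  # Sysmon Details format


@dataclass
class Alert:
    rule: str
    pid: int
    image: str
    detail: str


# Constructed events (hypothetical pids, paths and SID).
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 4120, "Image": r"C:\Users\u\Downloads\invoice.exe"},
    {"EventID": 11, "ProcessId": 4120, "Image": r"C:\Users\u\Downloads\invoice.exe",
     "TargetFilename": r"C:\Users\u\AppData\Local\Temp\healer.exe"},
    {"EventID": 13, "ProcessId": 4120, "Image": r"C:\Users\u\Downloads\invoice.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 1, "ProcessId": 4188, "Image": r"C:\Users\u\AppData\Local\Temp\healer.exe"},
    {"EventID": 13, "ProcessId": 4188, "Image": r"C:\Users\u\AppData\Local\Temp\healer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\healer",
     "Details": r"C:\Users\u\AppData\Local\Temp\healer.exe"},
    # Benign noise: policy refresh re-enabling real-time protection (value 0) must not fire.
    {"EventID": 13, "ProcessId": 900, "Image": r"C:\Windows\System32\gpupdate.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
]


def dword_value(details: str) -> Optional[int]:
    """Extract the integer from a Sysmon 'DWORD (0x........)' Details string."""
    m = DWORD_RE.search(details or "")
    return int(m.group(1), 16) if m else None


def detect(events: list) -> list:
    """Single pass in event order: the FileCreate must precede the ProcessCreate."""
    alerts = []
    dropped = {}  # lower-cased path -> pid of the process that wrote it
    for ev in events:
        eid, pid, image = ev["EventID"], ev["ProcessId"], ev["Image"]
        if eid == 11:
            dropped[ev["TargetFilename"].lower()] = pid
        elif eid == 1:
            writer = dropped.get(image.lower())
            if writer is not None:
                alerts.append(Alert("executes_dropped_exe", pid, image, f"written by pid {writer}"))
        elif eid == 13:
            target, details = ev["TargetObject"], ev.get("Details", "")
            # Only a value of 1 disables protection; 0 is the setting being restored.
            if RTP_RE.search(target) and dword_value(details) == 1:
                alerts.append(Alert("defender_rtp_disabled", pid, image, target))
            elif RUN_RE.search(target):
                alerts.append(Alert("run_key_persistence", pid, image, f"{target} = {details}"))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"[{a.rule}] pid={a.pid} {a.image}: {a.detail}")
```

Two design points matter in practice. The Defender rule keys on the DWORD value, not just the path, so a policy refresh that writes 0 is not an alert. The dropped-then-executed rule depends on event ordering and on exact path equality after case folding; a sample that renames or copies the file between write and execution needs a FileCreate on the new path, which Sysmon also records as EventID 11.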

MITRE ATT&CK Enterprise v6

Tasks