General

  • Target

    c4e498dee19d585afa45ef25cfa9911d4b278fe589e0bba2eda15af7376bc17b

  • Size

    389KB

  • Sample

    230719-q72nsshb2z

  • MD5

    177cc2b3781056cb89ff026657ed3de6

  • SHA1

    8abe82aa72e9078bbe718a1b40ea0d1f03783f51

  • SHA256

    c4e498dee19d585afa45ef25cfa9911d4b278fe589e0bba2eda15af7376bc17b

  • SHA512

    bc171c6cf6c641e526e81196c7680ebbd60728678aa1bd6a9e9ceab9bd743e55ee0acf1098597715098072c39f79cf86198eeb2973f38e4428bfea2165f2c2e6

  • SSDEEP

    12288:0Mrny90j4TvR6br5IAMdFTUjiBrGXtkoPS:LyKOJd+jiBrKrS

Malware Config

Extracted

Family

redline

Botnet

nasa

C2

77.91.68.68:19071

Attributes

  • auth_value

    6da71218d8a9738ea3a9a78b5677589b

Targets

    • Target

      c4e498dee19d585afa45ef25cfa9911d4b278fe589e0bba2eda15af7376bc17b

    • Size

      389KB

    • MD5

      177cc2b3781056cb89ff026657ed3de6

    • SHA1

      8abe82aa72e9078bbe718a1b40ea0d1f03783f51

    • SHA256

      c4e498dee19d585afa45ef25cfa9911d4b278fe589e0bba2eda15af7376bc17b

    • SHA512

      bc171c6cf6c641e526e81196c7680ebbd60728678aa1bd6a9e9ceab9bd743e55ee0acf1098597715098072c39f79cf86198eeb2973f38e4428bfea2165f2c2e6

    • SSDEEP

      12288:0Mrny90j4TvR6br5IAMdFTUjiBrGXtkoPS:LyKOJd+jiBrKrS

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks