General

  • Target

    953317f4b9fe7c635a7e567bc8364004a924201e132d32b4b52e3e8ddc186107

  • Size

    389KB

  • Sample

    230719-qctdyagc31

  • MD5

    8460839d88470abc63cb8b0627566bf9

  • SHA1

    d2d3a870c95135379130e0c8a1a6454dde7eb346

  • SHA256

    953317f4b9fe7c635a7e567bc8364004a924201e132d32b4b52e3e8ddc186107

  • SHA512

    6289d16e5ba5236ee45bfc9eca6b58ed740e7ee0a7c3fc99b6c96b5e7533bf7384121f9166e6f79fdcc17dc20613d3485b510d350be5ad86becc5db842459e84

  • SSDEEP

    6144:K1y+bnr+ep0yN90QEn6DP5m21srlPhkxPb27HSZt8nlzcVF9SF+zrotU0Ky:zMray908Dhm21srlORiY8lvFCU1

Malware Config

Extracted

Family

redline

Botnet

nasa

C2

77.91.68.68:19071

Attributes
  • auth_value

    6da71218d8a9738ea3a9a78b5677589b

Targets

    • Target

      953317f4b9fe7c635a7e567bc8364004a924201e132d32b4b52e3e8ddc186107

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is a dropper that disables antivirus protection before deploying its payload.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
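The extracted config (C2 77.91.68.68:19071) and the behaviours flagged above (Defender real-time protection tampering, Run-key persistence, execution of a dropped EXE) are what a responder would turn into host checks. The script below is an added example, not code from the tria.ge report or from the RedLine/Healer samples: it takes the report's hashes and C2 endpoint and runs them, together with the two registry behaviours, over Sysmon-style event records. The event records are constructed for illustration, and the list of Defender Real-Time Protection value names is an assumption drawn from the usual policy keys, not something extracted from this sample.

```python
"""Host checks built from the indicators and behaviours in the report above.

Added example, not code from the tria.ge report or from the samples it
describes.  The Sysmon-style events at the bottom are constructed for
illustration; the Defender value names are assumed from the standard
Real-Time Protection policy keys and are not taken from this sample.
"""
import re

# Indicators taken from the report above (C2 from the extracted config).
C2_ENDPOINTS = {("77.91.68.68", 19071)}
SAMPLE_HASHES = {
    "8460839d88470abc63cb8b0627566bf9",                                  # MD5
    "d2d3a870c95135379130e0c8a1a6454dde7eb346",                          # SHA1
    "953317f4b9fe7c635a7e567bc8364004a924201e132d32b4b52e3e8ddc186107",  # SHA256
}

# Assumption: value names under ...\Windows Defender\Real-Time Protection that
# an "antivirus disabler" sets to 1.  Not extracted from this sample.
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableIOAVProtection",
    "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
}
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)$", re.IGNORECASE)
DWORD_ONE_RE = re.compile(r"DWORD \(0x0*1\)$")  # Sysmon renders DWORDs as "DWORD (0x00000001)"


def parse_sysmon_hashes(field: str) -> set[str]:
    """Turn Sysmon's 'SHA1=...,MD5=...,SHA256=...' field into lowercase digests."""
    out = set()
    for part in field.split(","):
        if "=" in part:
            out.add(part.split("=", 1)[1].strip().lower())
    return out


def check_event(ev: dict) -> list[str]:
    """Return the names of the report's signatures that this one event matches."""
    hits = []
    eid = ev.get("EventID")
    if eid == 1:  # process creation: is it the sample itself?
        if parse_sysmon_hashes(ev.get("Hashes", "")) & SAMPLE_HASHES:
            hits.append("known-sample-executed")
    elif eid == 3:  # network connection: the RedLine C2 from the config
        if (ev.get("DestinationIp"), int(ev.get("DestinationPort", 0))) in C2_ENDPOINTS:
            hits.append("redline-c2-connection")
    elif eid == 13:  # registry value set
        key, _, value_name = ev.get("TargetObject", "").rpartition("\\")
        details = ev.get("Details", "")
        if RUN_KEY_RE.search(key):  # "Adds Run key to start application"
            hits.append("run-key-persistence")
        if ("windows defender\\real-time protection" in key.lower()
                and value_name in DEFENDER_RTP_VALUES
                and DWORD_ONE_RE.search(details)):  # set to 1, i.e. disabled
            hits.append("defender-realtime-protection-disabled")
    return hits


def detect(events: list[dict]) -> list[tuple[str, str]]:
    """(signature, process image) for every matching event, in event order."""
    findings = []
    for ev in events:
        for sig in check_event(ev):
            findings.append((sig, ev.get("Image", "?")))
    return findings


# Constructed Sysmon-style events (not real telemetry) modelling the chain the
# report describes: sample runs, dropped EXE disables Defender RTP, persists via
# a Run key, then connects to the C2.  The last two events are benign controls.
DROPPED = r"C:\Users\u\AppData\Roaming\dropped.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\u\Downloads\sample.exe",
     "Hashes": "SHA1=D2D3A870C95135379130E0C8A1A6454DDE7EB346,"
               "MD5=8460839D88470ABC63CB8B0627566BF9,"
               "SHA256=953317F4B9FE7C635A7E567BC8364004A924201E132D32B4B52E3E8DDC186107"},
    {"EventID": 13, "Image": DROPPED, "Details": "DWORD (0x00000001)",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"
                     r"\Real-Time Protection\DisableRealtimeMonitoring"},
    {"EventID": 13, "Image": DROPPED, "Details": DROPPED,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"EventID": 3, "Image": DROPPED, "DestinationIp": "77.91.68.68", "DestinationPort": 19071},
    {"EventID": 13, "Image": r"C:\Windows\System32\gpupdate.exe", "Details": "DWORD (0x00000000)",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"
                     r"\Real-Time Protection\DisableRealtimeMonitoring"},
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe", "DestinationIp": "8.8.8.8", "DestinationPort": 53},
]

if __name__ == "__main__":
    for sig, image in detect(SAMPLE_EVENTS):
        print(f"{sig:40s} {image}")
```

The Defender check deliberately requires the value to be set to 1: a policy refresh writing 0 to the same value is the protection being re-enabled, not tampered with, so it must not fire. Hash matching covers only the sample on this report; anything it drops has its own hashes, which is why the registry and network checks carry the weight for the dropped stage.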
