General

  • Target

    81bf65e6cd65809f4e6885ac684a7d8b17b39bd28c147068431bf802d5a8b12e

  • Size

    389KB

  • Sample

    230719-swyh4shh31

  • MD5

    7d1fed48cf233d36969d449caeb35bc6

  • SHA1

    5e533c4ea4d3b07bcd94bacef079342b32c244bc

  • SHA256

    81bf65e6cd65809f4e6885ac684a7d8b17b39bd28c147068431bf802d5a8b12e

  • SHA512

    c908d6096ca62fd89b1a48e06584a70dacd78a2bf51f37384c0ffb5c7a5657a42924dd29c97ad71e543172aa09e310f187a1e56073385807febe646712492b46

  • SSDEEP

    6144:KWy+bnr+6p0yN90QEKC01kWKjZNrQR5izw2wBT5I13oNkHLmPrVAeeJ/:uMr+y90M8zw2WEoLjGeY/

Malware Config

Extracted

  • Family

    redline

  • Botnet

    nasa

  • C2

    77.91.68.68:19071

  • Attributes

    auth_value: 6da71218d8a9738ea3a9a78b5677589b

Targets

    • Target

      81bf65e6cd65809f4e6885ac684a7d8b17b39bd28c147068431bf802d5a8b12e

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks