General

  • Target

    be20e8d108cf9e94319678c0f61393d4.exe

  • Size

    389KB

  • Sample

    230720-l836ssfd29

  • MD5

    be20e8d108cf9e94319678c0f61393d4

  • SHA1

    9ca7da9916d071095a2985ecb2408f24f9978453

  • SHA256

    277f52adcffdae3b95ac4c1b928de6c4a507600023471054f5c9d34f3b852f94

  • SHA512

    4a60a1bb61a320deabeeebb508685a024c2b6c1d065221bc5a2682a90193300899d49e355675b84293875486cd08e94d582c95df886ca3330bef74cb0921afca

  • SSDEEP

    6144:KPy+bnr+Lp0yN90QE9dx9l253NzJGHDRezddZ5ULvrGEf51/HmbTME:FMr7y90P25uFEnwrGEr/YT5

Malware Config

Extracted

Family

redline

Botnet

nasa

C2

77.91.68.68:19071

Attributes
  • auth_value

    6da71218d8a9738ea3a9a78b5677589b

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application