General

  • Target

    023336483f6affe46a0faa30c6dea5dd7f1090b346af5655e61c8bbce02a42ab

  • Size

    389KB

  • Sample

    230720-x14m5sab62

  • MD5

    10a8a4be5b6f6644696f6e204b567388

  • SHA1

    3d8ba77c381c1b2fe8c760446a92166e6b90a415

  • SHA256

    023336483f6affe46a0faa30c6dea5dd7f1090b346af5655e61c8bbce02a42ab

  • SHA512

    f7557a3c891c2af00d9664938673a692e86ae6c67e7c2c669b22bcd18450c5fc65035c8fc448fb2250a47b43762193d0799a0fb586ea13c3ec95ebba33e5a262

  • SSDEEP

    6144:KOy+bnr+Lp0yN90QEwf/AirvTU07jytXLQwW4JZdlWNWywjZ4x8jFDSmjZJ:iMrny90zirUdtrWwZdlYw28jxSsZJ

Malware Config

Extracted

Family

redline

Botnet

nasa

C2

77.91.68.68:19071

Attributes
  • auth_value

    6da71218d8a9738ea3a9a78b5677589b

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
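The behaviours the signatures above describe (Defender real-time protection disabled through policy registry values, a Run key written for persistence, and a connection to the C2 taken from the extracted RedLine config) can be checked against Sysmon-style telemetry. The script below is an added example for this report; it is not tria.ge code and not the sample's own code. The event shape, the process image names and the Run-key data are constructed for illustration; the only report-derived detail is the C2 77.91.68.68:19071, and the Defender value names are the documented DWORDs under the Real-Time Protection policy key rather than anything the report says Healer specifically writes.

```python
"""Triage-style behaviour checks over constructed Sysmon-like events.

Added example for this report (not tria.ge or sample code). Events are
constructed; only the C2 endpoint comes from the extracted RedLine config.
"""
import re
from dataclasses import dataclass

# From the report's extracted RedLine config.
REDLINE_C2 = ("77.91.68.68", 19071)

# Documented policy key whose DWORDs disable Defender real-time protection
# components when set to 1. Assumption: Healer uses this key; the report only
# says "Modifies Windows Defender Real-time Protection settings".
DEFENDER_RTP_KEY = (
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
)
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableOnAccessProtection",
    "DisableIOAVProtection",
    "DisableScanOnRealtimeEnable",
}

# Autostart keys under either HKLM or HKCU (suffix match covers both hives).
RUN_KEY_SUFFIXES = (
    r"\Microsoft\Windows\CurrentVersion\Run",
    r"\Microsoft\Windows\CurrentVersion\RunOnce",
)


@dataclass
class Event:
    kind: str          # "registry_set" (Sysmon EID 13) or "network_connect" (EID 3)
    image: str         # process that performed the action
    target: str        # full registry value path, or "ip:port" for connections
    details: str = ""  # registry data as Sysmon renders it, e.g. "DWORD (0x00000001)"


def _dword(details):
    """Parse Sysmon's 'DWORD (0x...)' rendering or a bare integer; None otherwise."""
    m = re.search(r"0x([0-9a-fA-F]+)", details)
    if m:
        return int(m.group(1), 16)
    try:
        return int(details)
    except ValueError:
        return None


def classify(ev):
    """Return the report-style signature labels that a single event satisfies."""
    hits = []
    if ev.kind == "registry_set":
        key, _, value = ev.target.rpartition("\\")
        # Only flag writes that actually disable a component (value == 1);
        # a write of 0 re-enables it and is not tampering.
        if (key.lower() == DEFENDER_RTP_KEY.lower()
                and value in DEFENDER_RTP_VALUES
                and _dword(ev.details) == 1):
            hits.append("Modifies Windows Defender Real-time Protection settings")
        if any(key.lower().endswith(s.lower()) for s in RUN_KEY_SUFFIXES):
            hits.append("Adds Run key to start application")
    elif ev.kind == "network_connect":
        host, _, port = ev.target.rpartition(":")
        if port.isdigit() and (host, int(port)) == REDLINE_C2:
            hits.append("Connects to RedLine C2 from extracted config")
    return hits


def triage(events):
    """Map each signature label to the images that triggered it, in event order."""
    report = {}
    for ev in events:
        for label in classify(ev):
            report.setdefault(label, []).append(ev.image)
    return report


# Constructed events: file names and the Run-key payload are hypothetical.
HEALER = r"C:\Users\user\AppData\Local\Temp\healer.exe"
REDLINE = r"C:\Users\user\AppData\Local\Temp\redline.exe"
SAMPLE_EVENTS = [
    Event("registry_set", HEALER, DEFENDER_RTP_KEY + r"\DisableRealtimeMonitoring",
          "DWORD (0x00000001)"),
    Event("registry_set", HEALER, DEFENDER_RTP_KEY + r"\DisableBehaviorMonitoring",
          "DWORD (0x00000001)"),
    Event("registry_set", REDLINE,
          r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
          r"C:\Users\user\AppData\Roaming\Updater.exe"),
    Event("network_connect", REDLINE, "77.91.68.68:19071"),
    # Benign noise: an unrelated HKCU write, and Defender being re-enabled.
    Event("registry_set", r"C:\Windows\explorer.exe",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
          "DWORD (0x00000001)"),
    Event("registry_set", r"C:\Windows\System32\gpupdate.exe",
          DEFENDER_RTP_KEY + r"\DisableRealtimeMonitoring", "DWORD (0x00000000)"),
]

if __name__ == "__main__":
    for label, images in triage(SAMPLE_EVENTS).items():
        print(f"{label}: {sorted(set(images))}")
```

The Run-key check is deliberately broad and will also fire on legitimate installers; in a real pipeline it is the combination with the Defender tampering and the C2 connection from the same process tree that makes the hit high-confidence, not the Run key alone.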

MITRE ATT&CK Enterprise v15

Tasks