Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
5066fa88809775351ad7659df9361b186e76559f207314f8d5d64128aea78db4
-
Size
389KB
-
Sample
230721-a72e2aca5w
-
MD5
4c0ee4575495af04e7c58bab38be728f
-
SHA1
38ec99bddfc7371bff0271d5b06618c4b8edc28a
-
SHA256
5066fa88809775351ad7659df9361b186e76559f207314f8d5d64128aea78db4
-
SHA512
ab43f5567edc99ea8e02c50003fd6ab33d6fda09e7317ce0f4c45618626a2aa7bde9e631e34668eeaa81ad72c1e977c24cd0a49edebee62666b729a471447538
-
SSDEEP
12288:fMrby90gtNYRCQoiYZivJRwpuYisdDZpD:8yTEgZwAuYisdD7D
Malware Config
Extracted
redline
nasa
77.91.68.68:19071
-
auth_value
6da71218d8a9738ea3a9a78b5677589b
Targets
-
-
Target
5066fa88809775351ad7659df9361b186e76559f207314f8d5d64128aea78db4
-
Size
389KB
-
MD5
4c0ee4575495af04e7c58bab38be728f
-
SHA1
38ec99bddfc7371bff0271d5b06618c4b8edc28a
-
SHA256
5066fa88809775351ad7659df9361b186e76559f207314f8d5d64128aea78db4
-
SHA512
ab43f5567edc99ea8e02c50003fd6ab33d6fda09e7317ce0f4c45618626a2aa7bde9e631e34668eeaa81ad72c1e977c24cd0a49edebee62666b729a471447538
-
SSDEEP
12288:fMrby90gtNYRCQoiYZivJRwpuYisdDZpD:8yTEgZwAuYisdD7D
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1