General

  • Target

    5066fa88809775351ad7659df9361b186e76559f207314f8d5d64128aea78db4

  • Size

    389KB

  • Sample

    230721-a72e2aca5w

  • MD5

    4c0ee4575495af04e7c58bab38be728f

  • SHA1

    38ec99bddfc7371bff0271d5b06618c4b8edc28a

  • SHA256

    5066fa88809775351ad7659df9361b186e76559f207314f8d5d64128aea78db4

  • SHA512

    ab43f5567edc99ea8e02c50003fd6ab33d6fda09e7317ce0f4c45618626a2aa7bde9e631e34668eeaa81ad72c1e977c24cd0a49edebee62666b729a471447538

  • SSDEEP

    12288:fMrby90gtNYRCQoiYZivJRwpuYisdDZpD:8yTEgZwAuYisdD7D

Malware Config

Extracted

Family

redline

Botnet

nasa

C2

77.91.68.68:19071

Attributes
  • auth_value

    6da71218d8a9738ea3a9a78b5677589b

Targets

    • Target

      5066fa88809775351ad7659df9361b186e76559f207314f8d5d64128aea78db4

    • Size

      389KB

    • MD5

      4c0ee4575495af04e7c58bab38be728f

    • SHA1

      38ec99bddfc7371bff0271d5b06618c4b8edc28a

    • SHA256

      5066fa88809775351ad7659df9361b186e76559f207314f8d5d64128aea78db4

    • SHA512

      ab43f5567edc99ea8e02c50003fd6ab33d6fda09e7317ce0f4c45618626a2aa7bde9e631e34668eeaa81ad72c1e977c24cd0a49edebee62666b729a471447538

    • SSDEEP

      12288:fMrby90gtNYRCQoiYZivJRwpuYisdDZpD:8yTEgZwAuYisdD7D

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks