General

  • Target

    bde92e696d3184b5f4b7a35200dcb08ae4e97db9337f51dd88219349ff86adeb

  • Size

    828KB

  • Sample

    230822-3eepsahf2t

  • MD5

    8b5019f7eeb01c17088e92b98b5e953c

  • SHA1

    d64e1762cec1af4d2d39155725707479077531af

  • SHA256

    bde92e696d3184b5f4b7a35200dcb08ae4e97db9337f51dd88219349ff86adeb

  • SHA512

    9bd607c4612f0d70b1e94484a7a9f8eb39e19d10b88d19079c1bdd5a2c1b34dfde9b959054ab80f521dbde04325857ceda7859f462d027565fc43b93493084dc

  • SSDEEP

    12288:GMrwy90FCcA+hql0H9mkDvSyqiptHNm8XLNFzj4eICgMeHKWgnP6ZsBY1qBpsf:ay0CcvMGkkrSyfnIu5KeIC7HWgycq

Malware Config

Extracted

Family

redline

Botnet

rota

C2

77.91.124.73:19071

Attributes

  • auth_value

    320c7daa59eb9b82e20a15162392a756

Targets

    • Target

      bde92e696d3184b5f4b7a35200dcb08ae4e97db9337f51dd88219349ff86adeb

    • Size

      828KB

    • MD5

      8b5019f7eeb01c17088e92b98b5e953c

    • SHA1

      d64e1762cec1af4d2d39155725707479077531af

    • SHA256

      bde92e696d3184b5f4b7a35200dcb08ae4e97db9337f51dd88219349ff86adeb

    • SHA512

      9bd607c4612f0d70b1e94484a7a9f8eb39e19d10b88d19079c1bdd5a2c1b34dfde9b959054ab80f521dbde04325857ceda7859f462d027565fc43b93493084dc

    • SSDEEP

      12288:GMrwy90FCcA+hql0H9mkDvSyqiptHNm8XLNFzj4eICgMeHKWgnP6ZsBY1qBpsf:ay0CcvMGkkrSyfnIu5KeIC7HWgycq

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
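Turning the report above into something a defender can run: the following is an added example, not tria.ge's code and not anything extracted from the sample. It takes the two indicators the report actually states (the C2 `77.91.124.73:19071` and the SHA256) and the three behaviours it flags (Defender real-time protection modified, Run key added, dropped EXE executed) and matches them against endpoint telemetry. The `k=v|k=v` line format and every event below are constructed for illustration; the Defender policy path and the `CurrentVersion\Run` key are general Windows knowledge, not values the report gives, so the registry checks are an assumption about what this behaviour looks like on a host.

```python
"""Match tria.ge-reported indicators against constructed endpoint telemetry.
Added example; not tria.ge code. Log format and events are invented."""
import re

# Indicators copied from the report (Malware Config and General sections).
C2_HOST, C2_PORT = "77.91.124.73", 19071
SAMPLE_SHA256 = "bde92e696d3184b5f4b7a35200dcb08ae4e97db9337f51dd88219349ff86adeb"

# Registry locations behind the flagged behaviours. These are general
# Windows knowledge (assumption), not paths taken from the report.
DEFENDER_RTP_RE = re.compile(
    r"\\windows defender\\real-time protection$", re.IGNORECASE)
RUN_KEY_RE = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\run(once)?$", re.IGNORECASE)

# Constructed telemetry: pid 4120 plays the sample, pid 3300 is benign noise.
EVENTS = r"""type=process|pid=4120|image=C:\Users\u\AppData\Local\Temp\x.exe|sha256=bde92e696d3184b5f4b7a35200dcb08ae4e97db9337f51dd88219349ff86adeb
type=registry|pid=4120|key=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection|value=DisableRealtimeMonitoring|data=1
type=registry|pid=4120|key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run|value=svc|data=C:\Users\u\AppData\Local\Temp\x.exe
type=network|pid=4120|image=C:\Users\u\AppData\Local\Temp\x.exe|dst=77.91.124.73|dport=19071
type=registry|pid=3300|key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run|value=OneDrive|data=C:\Users\u\AppData\Local\Microsoft\OneDrive\OneDrive.exe
type=network|pid=3300|image=C:\Windows\explorer.exe|dst=192.0.2.10|dport=443
"""


def parse_event(line: str) -> dict:
    """Parse one 'k=v|k=v' telemetry line (constructed format) into a dict."""
    fields = {}
    for part in line.strip().split("|"):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields


def classify(ev: dict) -> list[str]:
    """Return the indicator tags a single event matches (possibly none)."""
    tags = []
    kind = ev.get("type")
    if (kind == "network" and ev.get("dst") == C2_HOST
            and ev.get("dport") == str(C2_PORT)):
        tags.append("redline_c2")
    if kind == "registry":
        key = ev.get("key", "")
        if (DEFENDER_RTP_RE.search(key)
                and ev.get("value", "").lower() == "disablerealtimemonitoring"
                and ev.get("data") == "1"):
            tags.append("defender_rtp_disabled")
        if RUN_KEY_RE.search(key):
            tags.append("run_key_persistence")
    if kind == "process" and ev.get("sha256", "").lower() == SAMPLE_SHA256:
        tags.append("known_sample_hash")
    return tags


def scan(text: str) -> dict[int, list[str]]:
    """Map 1-based line number -> tags for every line that hits an indicator."""
    hits = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        tags = classify(parse_event(line))
        if tags:
            hits[n] = tags
    return hits


def suspicious_pids(text: str, min_tags: int = 2) -> dict[str, set[str]]:
    """Group tags by pid and keep pids showing several distinct behaviours.
    A Run-key write on its own is common; the same process also disabling
    Defender or talking to the C2 is the signal worth paging on."""
    by_pid: dict[str, set[str]] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        for tag in classify(ev):
            by_pid.setdefault(ev.get("pid", "?"), set()).add(tag)
    return {pid: tags for pid, tags in by_pid.items() if len(tags) >= min_tags}


if __name__ == "__main__":
    for n, tags in scan(EVENTS).items():
        print(n, tags)
    print(suspicious_pids(EVENTS))
```

The per-pid correlation is the part worth keeping: the hash and C2 matches are exact and will age out as soon as the operator rebuilds, while the Defender-policy and Run-key checks are behavioural and survive a recompile, but only stand out once two or more of them land on one process.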

MITRE ATT&CK Enterprise v15

Tasks