
General

  • Target: 844e1d852d6e53ee6d479e42799d6e0ef6d57e7af3361c59b5c5d60439894dee
  • Size: 827KB
  • Sample: 230822-rsdtvseb9y
  • MD5: edab32600cb669c7c9f9f08284835e57
  • SHA1: f36b2dd569a020b61db0d3593cf21f4da8213e4c
  • SHA256: 844e1d852d6e53ee6d479e42799d6e0ef6d57e7af3361c59b5c5d60439894dee
  • SHA512: f190546fa2d67eb229ca5a525e05509d86b42fe0cb7f3f6d4cb4e87a95f79a6df4b0c41efc4da8eaf70562586efc4d8f59d52c900c73d191e7bf7259baed7435
  • SSDEEP: 12288:TMr4y908tFPcQRyHdfVYDb5XXtpFpeVaxO8PDtpG/PqwQYl8GuyWLdKr:PytFCdfVYDb5XXtjp12iqmGAs

Malware Config

Extracted

  • Family: redline
  • Botnet: rota
  • C2: 77.91.124.73:19071
  • Attributes
    • auth_value: 320c7daa59eb9b82e20a15162392a756

Targets

    • Target: 844e1d852d6e53ee6d479e42799d6e0ef6d57e7af3361c59b5c5d60439894dee

    • Detects Healer, an antivirus disabler dropper
    • Healer: an antivirus disabler dropper.
    • Modifies Windows Defender Real-time Protection settings
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Executes dropped EXE
    • Windows security modification
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks