Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    3e0b7cd292d5a715f078301281db4e0af93c845bcd016c8b89604997424a4ca6

  • Size

    828KB

  • Sample

    230822-z2733afd95

  • MD5

    dc2aefdbe2b21a6d7865b8f438871f33

  • SHA1

    8e005f2c7a8a855f83cf6c1c35bace96e36292d0

  • SHA256

    3e0b7cd292d5a715f078301281db4e0af93c845bcd016c8b89604997424a4ca6

  • SHA512

    a78f22eebb96bd3ebaf53c9d3dc2a16bf7ea0875ed9f1d8ce8bf899404fd80540094917e31887af544cd4e61084b6373b86984c7cb20a4c23f944498a324116d

  • SSDEEP

    24576:2ypwS3F9IJIdrc+B5mzm31HrfKDwbjUn:Fh3XImcum6lZbj

Malware Config

Extracted

Family

redline

Botnet

rota

C2

77.91.124.73:19071

Attributes
  • auth_value

    320c7daa59eb9b82e20a15162392a756

Targets

    • Target

      3e0b7cd292d5a715f078301281db4e0af93c845bcd016c8b89604997424a4ca6

    • Size

      828KB

    • MD5

      dc2aefdbe2b21a6d7865b8f438871f33

    • SHA1

      8e005f2c7a8a855f83cf6c1c35bace96e36292d0

    • SHA256

      3e0b7cd292d5a715f078301281db4e0af93c845bcd016c8b89604997424a4ca6

    • SHA512

      a78f22eebb96bd3ebaf53c9d3dc2a16bf7ea0875ed9f1d8ce8bf899404fd80540094917e31887af544cd4e61084b6373b86984c7cb20a4c23f944498a324116d

    • SSDEEP

      24576:2ypwS3F9IJIdrc+B5mzm31HrfKDwbjUn:Fh3XImcum6lZbj

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks