General

  • Target: 237c684649d711320a39fd7d082e72a2931ecb325c498e6c62c0e77b82dc902b

  • Size: 829KB

  • Sample: 230823-ncppmsdb5v

  • MD5: de7e162e101efce9b2c2005f2574fc0e

  • SHA1: 9448f5251cb4b4df414417655d6fb7859d04d4be

  • SHA256: 237c684649d711320a39fd7d082e72a2931ecb325c498e6c62c0e77b82dc902b

  • SHA512: cd95e14d31c6f4c5b592b80d27689db644412fce386bb81e6ff1434655c252c3d3cceeff60041e205b426ab91114b8ccef927ea0f74c04454641487c5bed6fcc

  • SSDEEP: 24576:OyKl52iJun73tw12Lwpte59gZhnDo7IhK+3Jq:dKl52hhw12cbkWDo/SJ

Malware Config

Extracted

  • Family: redline

  • Botnet: rota

  • C2: 77.91.124.73:19071

  • Attributes
    • auth_value: 320c7daa59eb9b82e20a15162392a756

Targets

    • Target: 237c684649d711320a39fd7d082e72a2931ecb325c498e6c62c0e77b82dc902b (size and hashes as listed under General above)

    • Detects Healer, an antivirus disabler dropper

    • Healer: an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks