Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    cbfbc04a8018d517a65d65abe2e565d986c8b430d1b47ecdd592a6b52e79dabd

  • Size

    829KB

  • Sample

    230825-z2rfbaeg55

  • MD5

    5f9839b338906d76e7271c1b02c2ca1b

  • SHA1

    06fc4705e34bc555469026f7580520334c1a8c0a

  • SHA256

    cbfbc04a8018d517a65d65abe2e565d986c8b430d1b47ecdd592a6b52e79dabd

  • SHA512

    35201ee1badc7bf739789cbbfea22bf974771b7346316bd6e5e0bfa88af928ec22ac21018c6fffdc3dc34d9e524d562b6a2f073e5b26c50e0e902a309de1fa9a

  • SSDEEP

    12288:VMrYy90gLLCkFkGBA6kinfl8pAQMzqhqZ7Dly8bfAPWHjQL4h+6Rj04qz8:JyxWki36kiypAlqyg87AzE+6Rwxz8

Malware Config

Extracted

Family

redline

Botnet

jaja

C2

77.91.124.73:19071

Attributes
  • auth_value

    3670179d176ca399ed08e7914610b43c

Targets

    • Target

      cbfbc04a8018d517a65d65abe2e565d986c8b430d1b47ecdd592a6b52e79dabd

    • Size

      829KB

    • MD5

      5f9839b338906d76e7271c1b02c2ca1b

    • SHA1

      06fc4705e34bc555469026f7580520334c1a8c0a

    • SHA256

      cbfbc04a8018d517a65d65abe2e565d986c8b430d1b47ecdd592a6b52e79dabd

    • SHA512

      35201ee1badc7bf739789cbbfea22bf974771b7346316bd6e5e0bfa88af928ec22ac21018c6fffdc3dc34d9e524d562b6a2f073e5b26c50e0e902a309de1fa9a

    • SSDEEP

      12288:VMrYy90gLLCkFkGBA6kinfl8pAQMzqhqZ7Dly8bfAPWHjQL4h+6Rj04qz8:JyxWki36kiypAlqyg87AzE+6Rwxz8

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks