General

  • Target: d9c55523ab287281fb0b8e9638570193fb991e03c3fa62795b2805d3fd41247e
  • Size: 826KB
  • Sample: 230827-t91q3abf54
  • MD5: 117bf634d70e27870b32d2e3b390db61
  • SHA1: bcb98ee589428aa941aad060073b11b4e8b6f383
  • SHA256: d9c55523ab287281fb0b8e9638570193fb991e03c3fa62795b2805d3fd41247e
  • SHA512: 851042e5e92d2cfbc43d8a4d7432753217426bcfb9552301c02933c48d96149798643457a09a37fafff700283cd35f979fdadb6eb624cbbbba567c0157ba0b26
  • SSDEEP: 12288:WMr8y905IbwkUlz+VJEFayGDb7mjTvrMTZ9cvLEU958DJSpSoBkDkkN1x1x6w:uyXskUlz1aO/vrMMYWQRoyksxL6w

Malware Config

Extracted

  • Family: redline
  • Botnet: nrava
  • C2: 77.91.124.82:19071
  • Attributes
    • auth_value: 43fe50e9ee6afb85588e03ac9676e2f7

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
