
General

  • Target

    cbe57d96651031a839b04e7e6b78845505a8111a77a33e6dead25e83c4154a5d

  • Size

    827KB

  • Sample

    230901-tj6vdsfg6w

  • MD5

    c279a22b1e241547107ab22df7371e8e

  • SHA1

    283f6237458319a442d540bdcaa4a8eb56c90561

  • SHA256

    cbe57d96651031a839b04e7e6b78845505a8111a77a33e6dead25e83c4154a5d

  • SHA512

    5727af76d9ea28c6111cbf3521f6704a2c5c15d088b54aec9a3a44a9fc477687bd53614b3c27ff32e8b48646e863404481947c97d10a69d8055d41c045054f56

  • SSDEEP

    12288:mMrpy901uHkyeli9PAX9Ub9QH0qCj1i6FeA/nVsIz51yDJSFxStdj2K/3OPxfL:ny7lPxGH03nn1yDJSFkndOPd

Malware Config

Extracted

Family

redline

Botnet

domka

C2

77.91.124.82:19071

Attributes
  • auth_value

    74e19436acac85e44d691aebcc617529
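The extracted config above gives the operational indicators for this sample: the C2 endpoint 77.91.124.82:19071, the botnet tag "domka" and the auth_value the client presents to the panel. The following is an added example (not part of the Triage report and not code from the sample) showing how a responder turns those values into a check over connection logs and a hash check on a file they were handed. The log format, the sample lines and the decoy addresses are constructed for the example; adapt the regex to your firewall, proxy or Zeek conn.log layout.

```python
"""Added example: match the RedLine config extracted by the sandbox against
connection-log lines and against a candidate file. Not from the report."""
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional

# Values copied from the report's "Malware Config" and hash sections.
REDLINE_C2 = ("77.91.124.82", 19071)
REDLINE_BOTNET = "domka"
REDLINE_AUTH_VALUE = "74e19436acac85e44d691aebcc617529"
REPORT_SHA256 = "cbe57d96651031a839b04e7e6b78845505a8111a77a33e6dead25e83c4154a5d"

# Constructed "ts src -> dst:port proto" log shape; not a real product format.
CONN_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d+\.\d+\.\d+\.\d+)\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)\s+(?P<proto>\w+)"
)


@dataclass(frozen=True)
class Hit:
    ts: str
    src: str
    dst: str
    dport: int
    reason: str


def is_report_sample(data: bytes) -> bool:
    """True if the bytes hash to the SHA256 listed in the report."""
    return hashlib.sha256(data).hexdigest() == REPORT_SHA256


def classify(dst: str, dport: int) -> Optional[str]:
    """Exact host:port is high confidence. A bare hit on the C2 IP is still
    reported, at lower confidence, because stealer panels are commonly moved
    between ports on the same host. Port alone is never matched: 19071 is an
    arbitrary high port and would be pure noise."""
    if (dst, dport) == REDLINE_C2:
        return "exact C2 host:port"
    if dst == REDLINE_C2[0]:
        return "C2 host, different port"
    return None


def scan_connections(lines) -> List[Hit]:
    hits = []
    for line in lines:
        m = CONN_RE.match(line)
        if not m:
            continue  # comment, header or malformed row
        dport = int(m["dport"])
        reason = classify(m["dst"], dport)
        if reason:
            hits.append(Hit(m["ts"], m["src"], m["dst"], dport, reason))
    return hits


# Constructed sample log: only the second and fourth rows should be flagged.
SAMPLE_LOG = """\
# ts src -> dst:port proto
2023-09-01T10:00:01Z 10.0.0.15 -> 142.250.74.78:443 tcp
2023-09-01T10:00:07Z 10.0.0.15 -> 77.91.124.82:19071 tcp
2023-09-01T10:00:09Z 10.0.0.22 -> 10.0.0.1:19071 tcp
2023-09-01T10:03:41Z 10.0.0.15 -> 77.91.124.82:80 tcp
""".splitlines()

if __name__ == "__main__":
    for h in scan_connections(SAMPLE_LOG):
        print(f"{h.ts} {h.src} -> {h.dst}:{h.dport}  [{h.reason}]")
    print("candidate bytes are the reported sample:", is_report_sample(b"not the sample"))
```

The botnet tag and auth_value are kept in the block because they are what you would pivot on in a second report: the same auth_value across samples points to the same operator build, while the C2 address is the part most likely to rotate.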

Targets

    • Target

      cbe57d96651031a839b04e7e6b78845505a8111a77a33e6dead25e83c4154a5d (827KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is a dropper that disables antivirus protection (here, Windows Defender real-time protection) before running its payload.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020; the C2 endpoint and botnet tag it reports to are in the extracted config above.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
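Two of the behaviours above leave registry artefacts that are cheap to hunt for on a live host or in telemetry: the Defender real-time protection change and the Run key. The following is an added example (not Triage's detection logic and not code from the sample) that classifies Sysmon Event ID 13 (RegistryEvent: value set) records for exactly those two behaviours. The Sysmon field names and the Defender policy value names are real; the event records, the SID, the image paths and the "Updater" value name are constructed for the example. It only looks at value-set events, so a key created with no value (Event ID 12) is deliberately out of scope.

```python
"""Added example: flag Defender real-time protection tampering and Run-key
persistence in Sysmon Event ID 13 records. Not from the report."""
import re
from typing import Dict, List, Optional

# Both the policy key and the non-policy key live under ...\Windows Defender\Real-Time Protection.
DEFENDER_RTP_KEY_RE = re.compile(
    r"\\SOFTWARE\\(POLICIES\\)?MICROSOFT\\WINDOWS DEFENDER\\REAL-TIME PROTECTION$"
)
# Value names under Real-Time Protection that switch protection off when set to 1.
DEFENDER_RTP_VALUES = {
    "DISABLEREALTIMEMONITORING",
    "DISABLEBEHAVIORMONITORING",
    "DISABLEONACCESSPROTECTION",
    "DISABLESCANONREALTIMEENABLE",
    "DISABLEIOAVPROTECTION",
}
# HKLM, HKU\<SID> and the WOW6432Node variants of Run and RunOnce.
RUN_KEY_RE = re.compile(
    r"\\SOFTWARE\\(WOW6432NODE\\)?MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN(ONCE)?\\[^\\]+$"
)


def split_target(target_object: str):
    """Sysmon's TargetObject is 'HIVE\\...\\Key\\ValueName'; return (KEY, VALUE) upper-cased."""
    key, _, value = target_object.rpartition("\\")
    return key.upper(), value.upper()


def dword_is_one(details: str) -> bool:
    # Sysmon renders REG_DWORD data as 'DWORD (0x00000001)'.
    return details.replace(" ", "").upper() == "DWORD(0X00000001)"


def classify_registry_event(ev: Dict[str, str]) -> Optional[str]:
    """Return a finding label for one Event ID 13 record, or None if benign."""
    if ev.get("EventID") != "13":
        return None
    target = ev["TargetObject"]
    key, value = split_target(target)
    if DEFENDER_RTP_KEY_RE.search(key) and value in DEFENDER_RTP_VALUES:
        # Setting the value back to 0 re-enables protection; only a 1 is a finding.
        if dword_is_one(ev["Details"]):
            return f"defender_rtp_disabled:{value.lower()}"
        return None
    if RUN_KEY_RE.search(target.upper()):
        return f"run_key_persistence:{target.rpartition(chr(92))[2]}"
    return None


def scan_events(events) -> List[Dict[str, str]]:
    findings = []
    for ev in events:
        label = classify_registry_event(ev)
        if label:
            findings.append({"finding": label, "image": ev["Image"],
                             "target": ev["TargetObject"], "details": ev["Details"]})
    return findings


# Constructed records; the first and third should be flagged.
SAMPLE_EVENTS = [
    {"EventID": "13", "Image": r"C:\Users\user\AppData\Local\Temp\a.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": "13", "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
    {"EventID": "13", "Image": r"C:\Users\user\AppData\Local\Temp\a.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\user\AppData\Roaming\Updater\updater.exe"},
    {"EventID": "13", "Image": r"C:\Program Files\App\app.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f"{f['finding']:<45} {f['image']}  ->  {f['details']}")
```

The Run-key rule will also fire on legitimate installers that register under RunOnce, so in practice pair it with the writing process (the same dropped executable in %TEMP% that also flipped the Defender value, as in the constructed records) rather than alerting on it alone.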

MITRE ATT&CK Enterprise v15

Tasks