General

  • Target

    JC_2676ca708434b145e84d0e9b16c8e30faa706f5eea9802c4cec9727fb5c6c305

  • Size

    829KB

  • Sample

    230901-xffqkshb42

  • MD5

    d86336b7ee0ef9b59c2882c30c948df1

  • SHA1

    172b3b44ce68a05d5591bf0230a95e74c15062af

  • SHA256

    2676ca708434b145e84d0e9b16c8e30faa706f5eea9802c4cec9727fb5c6c305

  • SHA512

    7c577d1cd5c549baf9553bcddab5f3c07624735a02303a9d6a414131e4e97839b9726501dbbadd26d79dfd01b7fc7114039afb56aa0ec51c6b728a6f8b2f0a7f

  • SSDEEP

    12288:lMrby90yeLXK0ZLOJmogUxOKDHW4QsCZ7KCmMDrx9jcVt12JXTFmD3jQ0dZ0OaZd:+y8L/O55Qsf+X30UJXTQD3jQ0v34d

Malware Config

Extracted

Family

redline

Botnet

domka

C2

77.91.124.82:19071

Attributes

  • auth_value

    74e19436acac85e44d691aebcc617529

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
