General

  • Target

    JC_dee6b248820a13f72f772958cfc8d3c642f3f536e1c23273fd92526e8d08a84c

  • Size

    826KB

  • Sample

    230901-yj4r9ahf59

  • MD5

    47c2c9104941b7a59626e84048763c75

  • SHA1

    b1f506c4fb8898f81a47ccc052b5528f27283d7b

  • SHA256

    dee6b248820a13f72f772958cfc8d3c642f3f536e1c23273fd92526e8d08a84c

  • SHA512

    580dcc9c63146e46f7c2119c8dfe786a7fc3c42dc8e7900f927877b40ea44bfdc3c187a32dd658810a9b04a560e79024f6446752007eea20df503c419508cf14

  • SSDEEP

    24576:Zydz4XOiWFAriGOMDcA/huO53yNh9DgC3V:MdznFrADuttkC

Malware Config

Extracted

Family

redline

Botnet

domka

C2

77.91.124.82:19071

Attributes

  • auth_value

    74e19436acac85e44d691aebcc617529

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks