General

  • Target

    JC_02f0f132b68c38044899da2b43418236feb95297deb30d2be16a32a83863f3e1

  • Size

    929KB

  • Sample

    230902-mefn3scb46

  • MD5

    c8f489dc96ecac12d54b8258422d31d7

  • SHA1

    d8a1ccc703fb05ac04d2d5dea72db916628c92bf

  • SHA256

    02f0f132b68c38044899da2b43418236feb95297deb30d2be16a32a83863f3e1

  • SHA512

    de54275118329d03f696d35556c56af3895a184cbe6fbca68c6a28bdd954114247d232b94f22be0efe68eaa506bcfbf36779d93ddbe1d9e42eb765c52806d051

  • SSDEEP

    24576:gyBAtj3cgYsLCqD48Aad6Z4yEOFzpoMOIS:nMQILfMPZQOHOI

Malware Config

Extracted

Family

redline

Botnet

bobik

C2

77.91.124.82:19071

Attributes

  • auth_value

    d639522ae3c9dda998264d691a19eb33

Targets

    • Target

      JC_02f0f132b68c38044899da2b43418236feb95297deb30d2be16a32a83863f3e1

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
