General

  • Target

    JC_a9a1ce32e9ea314a5b78ab6f119cde9331b7b77e13b205ef50050eb298c5ac94

  • Size

    829KB

  • Sample

    230902-pakhksda75

  • MD5

    66fd8603446bca9eac3c199c2cb75540

  • SHA1

    e6ab59135af3a8cbcdad32357085d132d0d40339

  • SHA256

    a9a1ce32e9ea314a5b78ab6f119cde9331b7b77e13b205ef50050eb298c5ac94

  • SHA512

    9d97aada3d05d01c2ecdb2ad2e2828f674d74de26c1edfe9a1c7961b2a3619566c8e92213ae7cac4ce7a51f0ed192074d320fc0a619e88d8096240a299330a23

  • SSDEEP

    12288:uMrdy90Lq2eBlXwW/f53iLY8gygcSrMRRy5NO4n4mVH2fa8c4XHnyl8tdi2l/87:7ycG9w6f1T8g3MLy5NPpvQ1tdi2lO

Malware Config

Extracted

Family

redline

Botnet

bobik

C2

77.91.124.82:19071

Attributes

  • auth_value

    d639522ae3c9dda998264d691a19eb33

Targets

    • Target

      JC_a9a1ce32e9ea314a5b78ab6f119cde9331b7b77e13b205ef50050eb298c5ac94

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks