General

  • Target

    d9ec9ad50b7994deb23ec63e7a9b326e3af5057e2f7698581ba33b471aea6794

  • Size

    726KB

  • Sample

    241109-nnyrpatdpj

  • MD5

    bfdf82e3972423d1d00f37948ff838a6

  • SHA1

    cdb8fc963bec7f444d156a661abd2b341c317017

  • SHA256

    d9ec9ad50b7994deb23ec63e7a9b326e3af5057e2f7698581ba33b471aea6794

  • SHA512

    463283fc5896e8c6327e7013502a71440261911a435d73b377a121b4f6b1f90b26b3f5e9d698d85a1b5de0250204c1bbcd545f40e39b38693bb8362c24dbfc64

  • SSDEEP

    12288:hMrmy90HDAYwZRrofsCQgXURiAC5nO8ZDA6FKgof8MfUkC74TFcyqq8Fs2cx3+X:TyRYq8HXxAQrZDdcgof8MfZC8T2q9VxV

Malware Config

Extracted

Family

redline

Botnet

fukia

C2

193.233.20.13:4136

Attributes

  • auth_value

    e5783636fbd9e4f0cf9a017bce02e67e

Targets

    • Target

      d9ec9ad50b7994deb23ec63e7a9b326e3af5057e2f7698581ba33b471aea6794

    • Size

      726KB

    • MD5

      bfdf82e3972423d1d00f37948ff838a6

    • SHA1

      cdb8fc963bec7f444d156a661abd2b341c317017

    • SHA256

      d9ec9ad50b7994deb23ec63e7a9b326e3af5057e2f7698581ba33b471aea6794

    • SHA512

      463283fc5896e8c6327e7013502a71440261911a435d73b377a121b4f6b1f90b26b3f5e9d698d85a1b5de0250204c1bbcd545f40e39b38693bb8362c24dbfc64

    • SSDEEP

      12288:hMrmy90HDAYwZRrofsCQgXURiAC5nO8ZDA6FKgof8MfUkC74TFcyqq8Fs2cx3+X:TyRYq8HXxAQrZDdcgof8MfZC8T2q9VxV

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15