General

  • Target

    cb1ad377f0526296e0bd38400b53658cc8bab42868b99b68d75d24420a354f1d

  • Size

    549KB

  • Sample

    241111-bkd7nazbpc

  • MD5

    2a04709edd1d1f12fd1518b24b384c76

  • SHA1

    95432e860bd9bcb1aec7d6ba66d6e6ace2eb4981

  • SHA256

    cb1ad377f0526296e0bd38400b53658cc8bab42868b99b68d75d24420a354f1d

  • SHA512

    aa133da4275e2bced62aa91c6408afd4f047ab3f73932c7ec4636dd5f3eb2ca689d31bd2317810c606937234c922a5df3bc7ab319875cd5c69c7caf8b703913b

  • SSDEEP

    12288:VMrSy90ST5gH482KZMIyVaopGGpJuDKgBnaQDU9SrUJbKvN:3yl58ZBmaopzujoQDU9J2l

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15