General

  • Target

    bdbc86b6757b826910141e2f12f4516df9594d7b8494cb2787e367a088941b2aN.exe

  • Size

    1.3MB

  • Sample

    241111-dakb2a1flg

  • MD5

    3591bada34bf6613fbd3ae779d8580a4

  • SHA1

    56a7e9824326b4cab52c3a2e004539312ed1c350

  • SHA256

    b82750cab036a21ecf6b44be42d10db314fce2d1275cd28327acef6ed18a182a

  • SHA512

    6dbe7385c8f875f1497b3ef66c02108a3b50543ed43ebb029f8f9d579e5c6fb5efc9e3c3354fc41999710db6935bdfe821bfa8b2d02027b2a34e95a3b2b5f1bd

  • SSDEEP

    24576:UyTrzPSDFKBpRbSlKZxKRZKXq7hNmzMKo4fh1wUKBXGvOqNv3V:jTrW5KBpRGsqbKXqPmH622qdF

Malware Config

Extracted

Family

redline

Botnet

rouch

C2

193.56.146.11:4162

Attributes

  • auth_value

    1b1735bcfc122c708eae27ca352568de

Targets

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
