General

  • Target

    cd2899e0893d0111481044897c0a48e73b9f32123e329d0b3ed541755d75f29d

  • Size

    1.2MB

  • Sample

    231012-16xzbsfa38

  • MD5

    be82daf864e184a14fb43525cf7e8053

  • SHA1

    744444df20e5c732afa11044f0b7f55136d15294

  • SHA256

    cd2899e0893d0111481044897c0a48e73b9f32123e329d0b3ed541755d75f29d

  • SHA512

    28ed5630d95abe1b8d828985388934854571eb5ee692f67af82c6ed3559b50728c61d3220c709d578952649714c037e86361d4e008667967f69f41399b8221b4

  • SSDEEP

    24576:cZtRSzcCvwDpJZucgChLL9+/5lfdu8Tek8xQctShZ:cZtqKuS3+/5ZTa2ctShZ

Malware Config

Extracted

Family

redline

Botnet

petin

C2

77.91.124.82:19071

Attributes
  • auth_value

    f6cf7a48c0291d1ef5a3440429827d6d
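The file hashes in the General section and the extracted C2 above can be turned directly into a matcher. The following Python is an added example, not tria.ge tooling and not part of the report: it copies the report's MD5/SHA1/SHA256 and the RedLine C2 ip:port into a small IOC set, hashes a byte string, and scans connection-log lines for the C2. The log-line format and the log lines are constructed for the example, and the function names (hash_bytes, matches_report_hashes, classify_destination, find_c2_hits) are mine.

```python
"""IOC matcher built from the indicators in the report above.

Added example: not tria.ge tooling and not part of the report. The hashes
and C2 are copied from the report; the file bytes and the connection-log
lines are constructed for the example.
"""
import hashlib
import re

# Indicators copied from the report (General section and Malware Config).
REPORT_IOCS = {
    "md5": "be82daf864e184a14fb43525cf7e8053",
    "sha1": "744444df20e5c732afa11044f0b7f55136d15294",
    "sha256": "cd2899e0893d0111481044897c0a48e73b9f32123e329d0b3ed541755d75f29d",
    "c2_ip": "77.91.124.82",
    "c2_port": 19071,
}

HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """Return the hex digests the report lists (ssdeep is omitted: it needs
    a third-party module, and a fuzzy hash is not an exact-match IOC)."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HASH_ALGOS}


def matches_report_hashes(data: bytes) -> bool:
    """True only if md5, sha1 and sha256 all match the report, so a
    collision in one weak algorithm cannot produce a false hit."""
    digests = hash_bytes(data)
    return all(digests[a] == REPORT_IOCS[a] for a in ("md5", "sha1", "sha256"))


# Constructed log-line format for the example:
#   "<timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\S+)$"
)


def classify_destination(dst_ip: str, dst_port: int):
    """Grade a destination against the extracted C2.

    An ip:port match is the strong signal; an ip-only match is weaker because
    the host may carry unrelated traffic on other ports, so it is reported
    with its own verdict rather than dropped or treated as equal.
    """
    if dst_ip != REPORT_IOCS["c2_ip"]:
        return None
    if dst_port == REPORT_IOCS["c2_port"]:
        return "c2-exact"
    return "c2-host-other-port"


def find_c2_hits(lines):
    """Return (timestamp, src_ip, verdict) for every line that reaches the C2
    host; malformed lines are skipped rather than raising."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        verdict = classify_destination(m["dst"], int(m["dport"]))
        if verdict is not None:
            hits.append((m["ts"], m["src"], verdict))
    return hits


# Constructed sample log lines (203.0.113.0/24 is a documentation range).
SAMPLE_LOG = [
    "2023-10-12T15:04:01Z 10.0.0.15:49712 -> 77.91.124.82:19071 tcp",
    "2023-10-12T15:04:03Z 10.0.0.15:49713 -> 203.0.113.10:443 tcp",
    "2023-10-12T15:05:10Z 10.0.0.22:51020 -> 77.91.124.82:80 tcp",
    "this line is deliberately malformed",
]

if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_LOG):
        print("C2 hit:", hit)
    # A constructed blob will not match the report's hashes.
    print("hash match:", matches_report_hashes(b"not the sample"))
```

Two points on the design: all three cryptographic hashes are required to agree before a file is called a match, and a connection to 77.91.124.82 on a port other than 19071 is surfaced with a separate, weaker verdict instead of being silently folded into the C2 hit. The botnet id and auth_value from the config are build-level tokens that do not appear in connection logs, so they are left for sample clustering rather than network matching.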

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks