General

  • Target

    05be32c1ac4d4f8080d6afa867e7a9cbdef17ca4b426a65580ae9b5f99b4741c

  • Size

    1.2MB

  • Sample

    231012-v43h5sec9y

  • MD5

    1887ee1fe7412938d0b50e5048e66022

  • SHA1

    221ec027a401906ad86063ee058f029298989798

  • SHA256

    05be32c1ac4d4f8080d6afa867e7a9cbdef17ca4b426a65580ae9b5f99b4741c

  • SHA512

    b2336235c24fe1d3df8e732bd10520d78043739701a6e40dd5f87ab094b1fd35556f22f1fed9bb6c722829b6395f560a39703229e475598b7f391dc0819fb092

  • SSDEEP

    24576:VYtTYUw0/rq2RKjMWtjW5dXdswgy0nEGfyi0qdmGSygOTMrZV2RZ:VYtTYH0/O2vWNCrDgy0nEXi0bDbIZ

Malware Config

Extracted

Family

redline

Botnet

petin

C2

77.91.124.82:19071

Attributes

  • auth_value

    f6cf7a48c0291d1ef5a3440429827d6d

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks