General

  • Target

    16ec33d8fc76a95937c2e02b7544ad29b5b443077ca1a05329af4ddc5f2d4231

  • Size

    1.2MB

  • Sample

    231013-anz3vshf55

  • MD5

    3aa3a8b330051d89a4464bf133824d94

  • SHA1

    2695a9849acf00209505624b254ab68658fbfd05

  • SHA256

    16ec33d8fc76a95937c2e02b7544ad29b5b443077ca1a05329af4ddc5f2d4231

  • SHA512

    1ccc83891e2ac27ae8dd7c5c4b9b712b4bfb2996334174d0871680285ce35570635747282545fb458f74d63a28ec456255efebf7c34b617fc13ce2b6f8a8bd2b

  • SSDEEP

    24576:jZtJSfVC7okqSyaSBm5My7ZNiEnnq3n6GXhZ:jZtJS0p/S85MyOVXhZ

Malware Config

Extracted

Family

redline

Botnet

petin

C2

77.91.124.82:19071

Attributes
  • auth_value

    f6cf7a48c0291d1ef5a3440429827d6d

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks