General

  • Target

    0db2a72744fc2d2e90622c9db925e36555decceceaa24a63192a1ef4cf8a5aa7

  • Size

    1.2MB

  • Sample

    231013-dbcctadc22

  • MD5

    afdcb9fe08736951088d5f1ac3a91882

  • SHA1

    31638b05828c06bebc0e4fd654a1777a71f27855

  • SHA256

    0db2a72744fc2d2e90622c9db925e36555decceceaa24a63192a1ef4cf8a5aa7

  • SHA512

    fb33e564a5f8c4d67631d7331dd3903bfb8b993f1fe63b79f0cbf35fba501424c7ef91423c14dc46c72f13189fbf97212a69489a2da17e2665ca19352fe1d762

  • SSDEEP

    24576:EZtRsbYYOb5xGSBs7dsNIriUZ5aV/8c3lK2i6b0sJQp95IFHIuhqnMzXhu62G9eC:EZtRsXOb5x/OWYimc6cTkkjo8XlhZ

Malware Config

Extracted

Family

redline

Botnet

petin

C2

77.91.124.82:19071

Attributes
  • auth_value

    f6cf7a48c0291d1ef5a3440429827d6d
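
The extracted configuration above (family, botnet name, C2 host:port and auth_value) is only useful if it is turned into something that can be matched against telemetry. The script below is an added example, not tria.ge code or part of the sample's own configuration: it parses the report's "key / blank line / value" layout into a dictionary, splits the C2 into host and port, and sweeps constructed log lines for both the C2 endpoint and the sample's SHA256. The Zeek conn.log-like rows and Sysmon-like file events are constructed sample data, and their column layout is an assumption made for the example.

```python
"""Parse the extracted RedLine config from the report above into IOCs and sweep
constructed log lines for them. Added example, not tria.ge code; the log
formats below are assumptions chosen to resemble Zeek conn.log and Sysmon."""
import re
from typing import Dict, List, Tuple

# Excerpt of the report text in the page's own "Key / blank / value" layout.
REPORT = """\
SHA256

0db2a72744fc2d2e90622c9db925e36555decceceaa24a63192a1ef4cf8a5aa7

Malware Config

Extracted

Family

redline

Botnet

petin

C2

77.91.124.82:19071

Attributes
  • auth_value

    f6cf7a48c0291d1ef5a3440429827d6d
"""

KEYS = {"md5", "sha1", "sha256", "sha512", "family", "botnet", "c2", "auth_value"}


def parse_report(text: str) -> Dict[str, str]:
    """Walk the report: a known key line is followed (after blank lines) by its value."""
    fields: Dict[str, str] = {}
    pending = None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        if not line:
            continue
        if pending is None:
            if line.lower() in KEYS:
                pending = line.lower()
            continue  # section headers such as "Malware Config" are skipped
        fields[pending] = line
        pending = None
    return fields


def c2_endpoint(fields: Dict[str, str]) -> Tuple[str, int]:
    """Split the report's C2 string into (host, port)."""
    host, port = fields["c2"].rsplit(":", 1)
    return host, int(port)


# Constructed Zeek conn.log-style rows: ts uid orig_h orig_p resp_h resp_p proto
CONN_LOG = [
    "1697180000.1 CAb1 10.0.0.5 51234 77.91.124.82 19071 tcp",
    "1697180001.2 CAb2 10.0.0.5 51235 93.184.216.34 443 tcp",
    "1697180002.3 CAb3 10.0.0.9 51236 77.91.124.82 443 tcp",
]

# Constructed Sysmon-style file-create events (EventID 11 with a Hashes field).
FILE_EVENTS = [
    "EventID=11 Image=C:\\Users\\x\\AppData\\Local\\Temp\\a.exe Hashes=SHA256=0DB2A72744FC2D2E90622C9DB925E36555DECCECEAA24A63192A1EF4CF8A5AA7",
    "EventID=11 Image=C:\\Windows\\System32\\notepad.exe Hashes=SHA256=ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789",
]


def find_c2_hits(fields: Dict[str, str], conn_log: List[str]) -> List[Tuple[str, str]]:
    """Return (uid, confidence) for connections to the C2 host. The same host on
    a different port is reported as 'host_only' rather than dropped, so a panel
    that moved ports still surfaces for triage."""
    host, port = c2_endpoint(fields)
    hits = []
    for row in conn_log:
        _, uid, _, _, resp_h, resp_p, _ = row.split()
        if resp_h == host:
            hits.append((uid, "exact" if int(resp_p) == port else "host_only"))
    return hits


HASH_RE = re.compile(r"SHA256=([0-9A-Fa-f]{64})")


def find_hash_hits(fields: Dict[str, str], events: List[str]) -> List[str]:
    """Return Image paths whose SHA256 matches the sample (case-insensitive)."""
    wanted = fields["sha256"].lower()
    hits = []
    for ev in events:
        m = HASH_RE.search(ev)
        if m and m.group(1).lower() == wanted:
            hits.append(ev.split("Image=")[1].split(" Hashes=")[0])
    return hits


if __name__ == "__main__":
    iocs = parse_report(REPORT)
    print(iocs["family"], iocs["botnet"], c2_endpoint(iocs), iocs["auth_value"])
    print(find_c2_hits(iocs, CONN_LOG))
    print(find_hash_hits(iocs, FILE_EVENTS))
```

The auth_value is a per-build token rather than a network or file artefact, so it is kept in the parsed output for clustering builds across reports but is not matched against logs here.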

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext