General

  • Target: 0f55c7a42f1cbcb1bc18edcd516aef6b3fee31f46112a0d484b0d1bf5cb0a5c9
  • Size: 1.2MB
  • Sample: 231013-fmh1vaeh2s
  • MD5: fe3f38ecd2588f5859199841286083ae
  • SHA1: dbdb1f87ded800cc360c28968d01d42e21dd744f
  • SHA256: 0f55c7a42f1cbcb1bc18edcd516aef6b3fee31f46112a0d484b0d1bf5cb0a5c9
  • SHA512: 8e0d9f22b13b0e85f6903468d5c86b4272e50d2c042520a81cb2ac668d9ce4920084e196799f9f43d17f026f8d31feb7e81e5f3eb24fd13c56651b0858f46dfc
  • SSDEEP: 24576:jBuqRu53jCLkdw27qLL4WLz/liL+IUA5d/53OiFOr4UL6wzpwOYLG:NuqRq3Z7qLL4WLLliL+MHBNFOrjL6wzD

Malware Config

Extracted

  • Family: redline
  • Botnet: petin
  • C2: 77.91.124.82:19071

Attributes

  • auth_value: f6cf7a48c0291d1ef5a3440429827d6d

Targets

    • Detects Healer an antivirus disabler dropper
    • Healer: Healer, an antivirus disabler dropper.
    • Modifies Windows Defender Real-time Protection settings
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Executes dropped EXE
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
