Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    fc9fe514f85f4c49194475bba840d353d153d3d9f73f44e8441e7619445bf58a

  • Size

    1.2MB

  • Sample

    231013-ytkgcshh74

  • MD5

    d1fe87b968d82a18079d364fbacd925c

  • SHA1

    1c0a756cd3aeb46dd9cc68b27ce5d8e14895d635

  • SHA256

    fc9fe514f85f4c49194475bba840d353d153d3d9f73f44e8441e7619445bf58a

  • SHA512

    36b268b08cf3ec4897faf21fe0974aa2208ef144a7f8235248bc0e197dc01f3dc758ac23f9e3d25a02889c7a7d178fa5ea9eecda61dcfd22ae8b4cfaa08358a2

  • SSDEEP

    24576:k/84HcyCYwmdpQHAZ6MEf/k19o0HxSFsNQe4XdB7xxX16G:e84HZ+OuHAZI8LrckQe4XdB7/X8G

Malware Config

Extracted

Family

redline

Botnet

petin

C2

77.91.124.82:19071

Attributes
  • auth_value

    f6cf7a48c0291d1ef5a3440429827d6d

Targets

    • Target

      fc9fe514f85f4c49194475bba840d353d153d3d9f73f44e8441e7619445bf58a

    • Size

      1.2MB

    • MD5

      d1fe87b968d82a18079d364fbacd925c

    • SHA1

      1c0a756cd3aeb46dd9cc68b27ce5d8e14895d635

    • SHA256

      fc9fe514f85f4c49194475bba840d353d153d3d9f73f44e8441e7619445bf58a

    • SHA512

      36b268b08cf3ec4897faf21fe0974aa2208ef144a7f8235248bc0e197dc01f3dc758ac23f9e3d25a02889c7a7d178fa5ea9eecda61dcfd22ae8b4cfaa08358a2

    • SSDEEP

      24576:k/84HcyCYwmdpQHAZ6MEf/k19o0HxSFsNQe4XdB7xxX16G:e84HZ+OuHAZI8LrckQe4XdB7/X8G

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks