General

  • Target

    428a17a655ad7a333354512adf488c9d939ec2cbd0ebefe3016c0a7a9b602ce4

  • Size

    1.2MB

  • Sample

    240817-y4nlrsxenq

  • MD5

    1b770e134595e88e7bfe52bd21910268

  • SHA1

    cddfeff7348a043e63409c5152cba012c4bb447e

  • SHA256

    428a17a655ad7a333354512adf488c9d939ec2cbd0ebefe3016c0a7a9b602ce4

  • SHA512

    0a84caa7276dfdbecdd5e34269a5bc19462bf471d153cd23c7ea972194329612fa60fc9a0076610ace8389b6f3d7c09dc8325e778a46b26de3437584d8483745

  • SSDEEP

    24576:o74cr0oaB4zPAqgNC6m38vyLFYlwnlEjhfUiLe6eWyFQG:m4crJyzqgN23gqF+G1h6ebQG

Malware Config

Extracted

Family

redline

Botnet

petin

C2

77.91.124.82:19071

Attributes

  • auth_value

    f6cf7a48c0291d1ef5a3440429827d6d

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks