Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
4b5ac01b9c3209fb0bcddbad0986bb4a.exe
-
Size
1.2MB
-
Sample
230716-h9zyzsch64
-
MD5
4b5ac01b9c3209fb0bcddbad0986bb4a
-
SHA1
65f2ae841ced39a952231d5c948a03656722e518
-
SHA256
5de64d5ab56bad52329947e26f8110fed2348f921e93665a3999fc44153d6ef8
-
SHA512
cc70c77b2ba9c02593ba6053a98b31cb024fcf0558df0c33baaca4e814c1f71e83829d653640f229a954c88299bb463edbb64b2c9b1d304bda6d281c2df75c0c
-
SSDEEP
24576:kyYAb9wJ23e65odkfOhx+JdiKF6aLxOvTv/K1xBha1/jSZ6ZLBv:zX9wZMrlam7s
Malware Config
Extracted
redline
lamp
77.91.68.56:19071
-
auth_value
ee1df63bcdbe3de70f52810d94eaff7d
Targets
-
-
Target
4b5ac01b9c3209fb0bcddbad0986bb4a.exe
-
Size
1.2MB
-
MD5
4b5ac01b9c3209fb0bcddbad0986bb4a
-
SHA1
65f2ae841ced39a952231d5c948a03656722e518
-
SHA256
5de64d5ab56bad52329947e26f8110fed2348f921e93665a3999fc44153d6ef8
-
SHA512
cc70c77b2ba9c02593ba6053a98b31cb024fcf0558df0c33baaca4e814c1f71e83829d653640f229a954c88299bb463edbb64b2c9b1d304bda6d281c2df75c0c
-
SSDEEP
24576:kyYAb9wJ23e65odkfOhx+JdiKF6aLxOvTv/K1xBha1/jSZ6ZLBv:zX9wZMrlam7s
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-