Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
be20e8d108cf9e94319678c0f61393d4.exe
-
Size
389KB
-
Sample
230720-l836ssfd29
-
MD5
be20e8d108cf9e94319678c0f61393d4
-
SHA1
9ca7da9916d071095a2985ecb2408f24f9978453
-
SHA256
277f52adcffdae3b95ac4c1b928de6c4a507600023471054f5c9d34f3b852f94
-
SHA512
4a60a1bb61a320deabeeebb508685a024c2b6c1d065221bc5a2682a90193300899d49e355675b84293875486cd08e94d582c95df886ca3330bef74cb0921afca
-
SSDEEP
6144:KPy+bnr+Lp0yN90QE9dx9l253NzJGHDRezddZ5ULvrGEf51/HmbTME:FMr7y90P25uFEnwrGEr/YT5
Static task
static1
Behavioral task
behavioral1
Sample
be20e8d108cf9e94319678c0f61393d4.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
be20e8d108cf9e94319678c0f61393d4.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
redline
nasa
77.91.68.68:19071
-
auth_value
6da71218d8a9738ea3a9a78b5677589b
Targets
-
-
Target
be20e8d108cf9e94319678c0f61393d4.exe
-
Size
389KB
-
MD5
be20e8d108cf9e94319678c0f61393d4
-
SHA1
9ca7da9916d071095a2985ecb2408f24f9978453
-
SHA256
277f52adcffdae3b95ac4c1b928de6c4a507600023471054f5c9d34f3b852f94
-
SHA512
4a60a1bb61a320deabeeebb508685a024c2b6c1d065221bc5a2682a90193300899d49e355675b84293875486cd08e94d582c95df886ca3330bef74cb0921afca
-
SSDEEP
6144:KPy+bnr+Lp0yN90QE9dx9l253NzJGHDRezddZ5ULvrGEf51/HmbTME:FMr7y90P25uFEnwrGEr/YT5
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-