General
Target: 7d00c0bb91a337cf6c953f319d457dbd.bin
Size: 598KB
Sample: 230801-b5wbnscd72
MD5: 4fe978f57254768b92786df8946550c3
SHA1: 4543f27947c0ef27ecaf94b1903ec893e27b8e8c
SHA256: d4aae5c549d30b86bd40fb35489578d69bb2ddd03f08804e4331c758ea33683f
SHA512: 80b77efa628308d6bf54fccb8d022983b1daaa05bb81ab50a4923fe9f5968e3b7d0a549f6b064c45c320f5b90e2dcc88cd57c252819f35894fe1b2edbabbfb0a
SSDEEP: 12288:GUFFu85DqqHai7eR3m+HDVaiZH/5xcP0vhWCDCBtdj87ol+c8nFprPa:GUFFu8w1i7eR2aZay5wSWpBPf8c8+
Static task: static1
Behavioral task: behavioral1
  Sample: 5a2e261636f9c810db5d221f9e1da740101710fe26b06ece9bea826232778a53.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: 5a2e261636f9c810db5d221f9e1da740101710fe26b06ece9bea826232778a53.exe
  Resource: win10v2004-20230703-en
Malware Config
Extracted: amadey
  Version: 3.86
  C2: 77.91.68.61/rock/index.php
Extracted: smokeloader
  Version: 2022
  C2: http://77.91.68.29/fks/
Extracted: redline
  Botnet: papik
  C2: 77.91.124.156:19071
  auth_value: 325a615d8be5db8e2f7a4c2448fdac3a
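The extracted configs above are what an analyst actually acts on: Amadey and SmokeLoader expose an HTTP C2 URL, RedLine a bare host:port (its channel is raw TCP, not HTTP) plus a per-build auth_value. The following Python is an example added here, not tria.ge's extractor nor code from any of these families. It parses the config block exactly as it reads on the page into normalized indicators, emits Suricata rules for them, groups the C2 addresses by /24 so shared infrastructure stands out, and checks a few proxy log lines. The log lines, the rule SIDs, and the rule that a scheme-less entry with no path is TCP rather than HTTP are assumptions made for the example.

```python
"""Turn the report's extracted malware config into network IOCs and detections.

Example added by the editor; not tria.ge's extractor or any malware family's
own code.  CONFIG_TEXT is the page's 'Malware Config' block verbatim; the
proxy log lines and SIDs below are constructed for the example.
"""
import ipaddress
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# The "Malware Config / Extracted" block as it reads on the report page.
CONFIG_TEXT = """\
Extracted
amadey
3.86
77.91.68.61/rock/index.php
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Extracted
redline
papik
77.91.124.156:19071
auth_value
325a615d8be5db8e2f7a4c2448fdac3a
"""


@dataclass
class Ioc:
    family: str
    tag: str          # version (amadey, smokeloader) or botnet name (redline) as printed
    proto: str        # "http", "https" or "tcp"
    host: str
    port: int
    path: str         # "/" for TCP indicators
    raw: str          # the C2 string exactly as the extractor printed it
    extra: dict = field(default_factory=dict)   # trailing key/value pairs, e.g. auth_value


def normalize_c2(raw: str) -> tuple[str, str, int, str]:
    """Split a C2 string into (proto, host, port, path).

    Assumption for this example: a scheme-less entry with a path is HTTP
    (Amadey's "host/rock/index.php"), a scheme-less entry with no path is a
    raw TCP endpoint (RedLine's "host:port").
    """
    has_scheme = "://" in raw
    parts = urlsplit(raw if has_scheme else "//" + raw)
    if not parts.hostname:
        raise ValueError(f"no host in C2 string {raw!r}")
    proto = parts.scheme if has_scheme else ("http" if parts.path else "tcp")
    port = parts.port or {"http": 80, "https": 443}.get(proto)
    if port is None:
        raise ValueError(f"no port in C2 string {raw!r}")
    return proto, parts.hostname, port, parts.path or "/"


def parse_config(text: str) -> list[Ioc]:
    """Parse the flattened blocks: family, version/botnet tag, C2, then key/value pairs."""
    iocs = []
    for block in text.strip().split("Extracted\n"):
        if not block.strip():
            continue
        family, tag, c2, *rest = block.strip().splitlines()
        proto, host, port, path = normalize_c2(c2)
        extra = dict(zip(rest[0::2], rest[1::2]))   # ["auth_value", "325a..."] -> {...}
        iocs.append(Ioc(family, tag, proto, host, port, path, c2, extra))
    return iocs


def suricata_rules(iocs: list[Ioc], base_sid: int = 9000001) -> list[str]:
    """One alert rule per indicator: URI match for HTTP C2s, plain TCP flow for RedLine."""
    rules = []
    for i, ioc in enumerate(iocs):
        msg = f"MALWARE {ioc.family} {ioc.tag} C2 {ioc.host}:{ioc.port}"
        common = f'flow:established,to_server; classtype:trojan-activity; sid:{base_sid + i}; rev:1;'
        if ioc.proto in ("http", "https"):
            rules.append(f'alert http $HOME_NET any -> {ioc.host} {ioc.port} (msg:"{msg}"; '
                         f'{common[:27]} http.uri; content:"{ioc.path}"; startswith; {common[28:]})')
        else:
            rules.append(f'alert tcp $HOME_NET any -> {ioc.host} {ioc.port} (msg:"{msg}"; {common})')
    return rules


def c2_networks(iocs: list[Ioc], prefixlen: int = 24) -> dict[str, list[str]]:
    """Group IP-based C2s by /prefixlen; hostnames are skipped."""
    nets: dict[str, list[str]] = {}
    for ioc in iocs:
        try:
            net = ipaddress.ip_network(f"{ioc.host}/{prefixlen}", strict=False)
        except ValueError:
            continue
        nets.setdefault(str(net), []).append(ioc.family)
    return nets


# Constructed proxy log lines for the example: timestamp, client, method, target.
PROXY_LOG = [
    "2023-08-01T10:12:03Z 10.0.0.7 CONNECT 77.91.124.156:19071",
    "2023-08-01T10:12:05Z 10.0.0.7 POST http://77.91.68.61/rock/index.php",
    "2023-08-01T10:12:09Z 10.0.0.9 GET http://example.com/fks/",
    "2023-08-01T10:12:11Z 10.0.0.7 GET http://77.91.68.29/fks/",
]
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")


def match_log(lines: list[str], iocs: list[Ioc]) -> list[tuple[str, str, str]]:
    """Return (client, family, c2 host) for every log line hitting an indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        _ts, client, _method, target = m.groups()
        _proto, host, port, path = normalize_c2(target)
        for ioc in iocs:
            if host == ioc.host and port == ioc.port and (ioc.proto == "tcp" or path.startswith(ioc.path)):
                hits.append((client, ioc.family, ioc.host))
    return hits


if __name__ == "__main__":
    found = parse_config(CONFIG_TEXT)
    print("\n".join(suricata_rules(found)))
    print(c2_networks(found))
    print(match_log(PROXY_LOG, found))
```

The auth_value is deliberately carried as opaque metadata rather than turned into a network signature: it identifies a RedLine build in the client's authentication message, which is useful for clustering samples but only visible with full payload inspection of a TCP channel. Two of the three C2s sit in 77.91.68.0/24, which is the kind of overlap the /24 grouping is meant to surface before deciding whether to block a host or the whole range.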
Targets
Target: 5a2e261636f9c810db5d221f9e1da740101710fe26b06ece9bea826232778a53.exe
Size: 642KB
MD5: 7d00c0bb91a337cf6c953f319d457dbd (the submitted .bin above is named after this MD5)
SHA1: 7263199a3272669d127807f036f89d064a2e7956
SHA256: 5a2e261636f9c810db5d221f9e1da740101710fe26b06ece9bea826232778a53
SHA512: 1504ee7900bd0adf5e06351ccd56ad8db74455a3fb7359e3a6f5313088b66935a898444a132a7c39ef4d2419016f3e512432b3f153b785183fe476f1afba4ca2
SSDEEP: 12288:UMrpy90KXAiLJdTDmxSpxqa6sYMnMLkvLoFRf+UozBXEX:lykizTxWa6slMwvLdBzBs
Signatures:
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
- Scheduled Task/Job (T1053): 1