Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
d61f94d9863a274aab18bf36abd9eb9f0b92e571abecc62ddbaf8aac9b040f08
-
Size
517KB
-
Sample
230801-etdh9sed6v
-
MD5
ed63ae4f8ac418d16039f5d1defe4572
-
SHA1
37070a2a531208c002b61fe03427944070dc87d9
-
SHA256
d61f94d9863a274aab18bf36abd9eb9f0b92e571abecc62ddbaf8aac9b040f08
-
SHA512
c343f85a911382d4111a1d1cbd3699384f4151fab6ff52f660cc724e8348748b111258da36943883de77a581adc539c86b7be13f697c9b73d1478c842166d60f
-
SSDEEP
12288:oMrty90u9tQ0zvmwL9DCo/CU1aSIH3LZQ+oI/6WMY+gBYCs39wJTv:1yTtQ2tDbqU1g3LDv9xzo6Tv
Static task
static1
Behavioral task
behavioral1
Sample
d61f94d9863a274aab18bf36abd9eb9f0b92e571abecc62ddbaf8aac9b040f08.exe
Resource
win10-20230703-en
Malware Config
Extracted
amadey
3.86
77.91.68.61/rock/index.php
Extracted
redline
lodka
77.91.124.156:19071
-
auth_value
76f99d6cc9332c02bb9728c3ba80d3a9
Targets
-
-
Target
d61f94d9863a274aab18bf36abd9eb9f0b92e571abecc62ddbaf8aac9b040f08
-
Size
517KB
-
MD5
ed63ae4f8ac418d16039f5d1defe4572
-
SHA1
37070a2a531208c002b61fe03427944070dc87d9
-
SHA256
d61f94d9863a274aab18bf36abd9eb9f0b92e571abecc62ddbaf8aac9b040f08
-
SHA512
c343f85a911382d4111a1d1cbd3699384f4151fab6ff52f660cc724e8348748b111258da36943883de77a581adc539c86b7be13f697c9b73d1478c842166d60f
-
SSDEEP
12288:oMrty90u9tQ0zvmwL9DCo/CU1aSIH3LZQ+oI/6WMY+gBYCs39wJTv:1yTtQ2tDbqU1g3LDv9xzo6Tv
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1