General
Target: 97837e09065946d161b746d6a0abbeca994c0817e6a89fa808011c9043373040
Size: 517KB
Sample: 230801-jh5wlafd4z
MD5: 99828315ef1fe84341457eb71d62384f
SHA1: 0e1e393a22204a95cc0130a2def4afa59c4fb76f
SHA256: 97837e09065946d161b746d6a0abbeca994c0817e6a89fa808011c9043373040
SHA512: 42d2e4bf622bf5eb75c6ab00e4a33e530c0cf115904efd8370a8a35237ed1c543a3f7df7ffff4c60e1e9c15a6e660c6ef52c4452070f73bf93edc8fb640b4d54
SSDEEP: 12288:PMrty90GnGVS06dkqjXWsqf6B1jqTrUdMPR28tJ9:uy7ns0m0BIv0MPRJl
Static task: static1
Behavioral task: behavioral1
Sample: 97837e09065946d161b746d6a0abbeca994c0817e6a89fa808011c9043373040.exe
Resource: win10-20230703-en
Malware Config
Extracted: amadey
Version: 3.86
C2: 77.91.68.61/rock/index.php
Extracted: redline
Botnet: lodka
C2: 77.91.124.156:19071
auth_value: 76f99d6cc9332c02bb9728c3ba80d3a9
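As an added example (not part of the tria.ge report or the sandbox's own tooling), the following Python turns the two extracted C2 values above into indicators and runs them over proxy and flow log lines. The indicator values are the ones listed in the report; the log lines, client addresses, timestamps and the second Amadey path "/rock/other.php" are constructed for the demonstration.

```python
"""Match the C2 indicators extracted from this sample against log lines.

Added example: the indicator values are the ones listed under "Malware Config"
above; the proxy and flow log lines, client addresses and the second Amadey
path are constructed for the demonstration and are not sandbox output.
"""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Indicators taken from the report's extracted configs.
AMADEY_C2_URL = "http://77.91.68.61/rock/index.php"          # report lists it without a scheme
REDLINE_C2_HOST, REDLINE_C2_PORT = "77.91.124.156", 19071    # RedLine, botnet "lodka"

# Constructed log lines (not from the report). Proxy format: ts client method url status.
PROXY_LOG = """\
1690880000.123 10.0.0.17 POST http://77.91.68.61/rock/index.php 200
1690880001.456 10.0.0.17 GET http://77.91.68.61/rock/other.php 404
1690880002.789 10.0.0.23 GET http://example.com/index.php 200
"""
# Constructed flow lines (not from the report). Format: ts src:sport -> dst:dport proto.
FLOW_LOG = """\
1690880010 10.0.0.17:49812 -> 77.91.124.156:19071 tcp
1690880011 10.0.0.23:49813 -> 77.91.124.156:443 tcp
1690880012 10.0.0.23:49814 -> 203.0.113.5:443 tcp
"""

PROXY_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$")
FLOW_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+):(?P<sport>\d+) -> (?P<dst>\S+):(?P<dport>\d+) (?P<proto>\w+)$")


@dataclass(frozen=True)
class Indicator:
    family: str
    host: str
    port: Optional[int]   # None matches any port
    path: Optional[str]   # None matches any path (and bare flow records)


def build_indicators() -> list:
    """Normalise the report's two C2 values into host/port/path tuples."""
    u = urlsplit(AMADEY_C2_URL)
    return [
        Indicator("amadey", u.hostname, u.port or 80, u.path),
        Indicator("redline", REDLINE_C2_HOST, REDLINE_C2_PORT, None),
    ]


def match_line(line: str, indicators) -> Optional[tuple]:
    """Return (family, confidence, line) when the line touches a C2 host.

    "exact" means host, port and (for HTTP) path all match the extracted config;
    "host-only" means the same C2 host on another port or path, which still
    merits a look (config drift, or further fetches from the same server).
    """
    line = line.strip()
    m = PROXY_RE.match(line)
    if m:
        u = urlsplit(m["url"])
        host, path = u.hostname, u.path
        port = u.port or (443 if u.scheme == "https" else 80)
    else:
        m = FLOW_RE.match(line)
        if not m:
            return None   # unparsed or empty line
        host, port, path = m["dst"], int(m["dport"]), None
    fallback = None
    for ind in indicators:
        if host != ind.host:
            continue
        port_ok = ind.port is None or ind.port == port
        path_ok = ind.path is None or path == ind.path
        if port_ok and path_ok:
            return (ind.family, "exact", line)
        fallback = fallback or (ind.family, "host-only", line)
    return fallback


def scan(log_text: str, indicators=None) -> list:
    """Run every line of log_text through match_line and collect the hits."""
    indicators = indicators if indicators is not None else build_indicators()
    hits = []
    for raw in log_text.splitlines():
        hit = match_line(raw, indicators)
        if hit:
            hits.append(hit)
    return hits


if __name__ == "__main__":
    for family, confidence, hit_line in scan(PROXY_LOG + FLOW_LOG):
        print(f"{family:8} {confidence:9} {hit_line}")
```

A flow record can never confirm the Amadey URL path, so traffic to 77.91.68.61 seen only at the network layer is reported as host-only; the HTTP path match needs proxy or web-server logs.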
Targets
Target: 97837e09065946d161b746d6a0abbeca994c0817e6a89fa808011c9043373040
Size: 517KB
MD5: 99828315ef1fe84341457eb71d62384f
SHA1: 0e1e393a22204a95cc0130a2def4afa59c4fb76f
SHA256: 97837e09065946d161b746d6a0abbeca994c0817e6a89fa808011c9043373040
SHA512: 42d2e4bf622bf5eb75c6ab00e4a33e530c0cf115904efd8370a8a35237ed1c543a3f7df7ffff4c60e1e9c15a6e660c6ef52c4452070f73bf93edc8fb640b4d54
SSDEEP: 12288:PMrty90GnGVS06dkqjXWsqf6B1jqTrUdMPR28tJ9:uy7ns0m0BIv0MPRJl
Signatures
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence:
- Boot or Logon Autostart Execution (T1547): 1 hit; Registry Run Keys / Startup Folder (T1547.001): 1 hit
- Create or Modify System Process (T1543): 1 hit; Windows Service (T1543.003): 1 hit
- Scheduled Task/Job (T1053): 1 hit
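The report records that the sample adds a Run key but not the value name or command it wrote. As an added example (not tooling from the report or the sandbox), the following Python triages Run/RunOnce entries from a registry export, classifying each launch path by who can write there and following LOLBin wrappers such as rundll32.exe to the file they load. The export text, value names, paths and the environment-variable mapping are all constructed placeholders.

```python
"""Triage Run-key entries from a registry export (.reg text) for persistence.

Added example, not tooling from the report or the sandbox. The export below is
constructed: the report records only that the sample adds a Run key, not the
value name or command it wrote, so every path here is a placeholder.
"""
import re
from typing import Optional

RUN_KEY_RE = re.compile(r"^\[(?P<hive>HKEY_[A-Z_]+)\\(?P<path>.+\\CurrentVersion\\(?:Run|RunOnce))\]$", re.I)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')   # string values only; hex:/dword: are skipped
# First program on a command line: an unquoted path up to the first binary/script extension.
EXE_RE = re.compile(r"^(?P<exe>.+?\.(?:exe|dll|scr|com|vbs|js|bat|cmd|ps1|hta))(?=[\s,]|$)", re.I)
LOLBINS = {"rundll32.exe", "regsvr32.exe", "cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
SEVERITY = {"system": 0, "unknown": 1, "user-writable": 2, "temp": 3}
# Assumed environment for expanding variables; real triage would take these from the host.
ENV = {"%windir%": r"C:\Windows", "%systemroot%": r"C:\Windows", "%programdata%": r"C:\ProgramData",
       "%appdata%": r"C:\Users\user\AppData\Roaming", "%localappdata%": r"C:\Users\user\AppData\Local",
       "%temp%": r"C:\Users\user\AppData\Local\Temp", "%userprofile%": r"C:\Users\user"}

# Constructed export (not from the report). .reg escaping: \\ for a backslash, \" for a quote.
REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\user\\AppData\\Local\\Temp\\a1b2c3\\updater.exe"
"Loader"="\"C:\\Windows\\System32\\rundll32.exe\" C:\\Users\\user\\AppData\\Roaming\\a1b2c3\\mod.dll,Start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=hex:24,00,00,00
'''


def unescape_reg(data: str) -> str:
    """Undo .reg string escaping: doubled backslash and backslash-quote."""
    return re.sub(r'\\(["\\])', r"\1", data)


def expand_env(path: str) -> str:
    """Case-insensitively expand the variables listed in ENV."""
    out = path
    for var, value in ENV.items():
        idx = out.lower().find(var)
        while idx != -1:
            out = out[:idx] + value + out[idx + len(var):]
            idx = out.lower().find(var)
    return out


def first_path(command: str) -> str:
    """Extract the program (or first path-like argument) from a command line."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m["exe"] if m else (cmd.split()[0] if cmd else "")


def classify_path(path: str) -> str:
    """Bucket a path by who can write there; temp and profile dirs are where droppers land."""
    p = expand_env(path).lower().replace("/", "\\")
    if "\\temp\\" in p or "\\tmp\\" in p or p.startswith("c:\\users\\public\\"):
        return "temp"
    if "\\appdata\\" in p or p.startswith("c:\\programdata\\") or p.startswith("c:\\users\\"):
        return "user-writable"
    if p.startswith("c:\\program files") or p.startswith("c:\\windows\\"):
        return "system"
    return "unknown"


def triage_run_keys(reg_text: str) -> list:
    """One finding per Run/RunOnce value: key, name, exe, payload (for LOLBin wrappers), verdict."""
    findings, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = RUN_KEY_RE.match(line)
            key = f"{m['hive']}\\{m['path']}" if m else None
            continue
        v = VALUE_RE.match(line) if key else None
        if not v:
            continue
        command = unescape_reg(v["data"])
        exe = first_path(command)
        payload: Optional[str] = None
        if exe.rsplit("\\", 1)[-1].lower() in LOLBINS:
            # The persistence artefact is what the LOLBin loads, so classify that as well.
            rest = command[command.find(exe) + len(exe):].lstrip('" ')
            payload = first_path(rest) or None
        verdicts = [classify_path(exe)] + ([classify_path(payload)] if payload else [])
        findings.append({"key": key, "name": v["name"], "exe": exe, "payload": payload,
                         "verdict": max(verdicts, key=SEVERITY.__getitem__)})
    return findings


def suspicious(findings: list) -> list:
    """Entries launching from user-writable or temp locations, worst first."""
    return sorted((f for f in findings if SEVERITY[f["verdict"]] >= SEVERITY["user-writable"]),
                  key=lambda f: -SEVERITY[f["verdict"]])


if __name__ == "__main__":
    for f in triage_run_keys(REG_EXPORT):
        tail = f" -> {f['payload']}" if f["payload"] else ""
        print(f"{f['verdict']:14} {f['key']}\\{f['name']}: {f['exe']}{tail}")
```

The "Loader" entry is the case that a naive check misses: the program itself is a signed system binary under C:\Windows, and only the DLL it is told to load lives in the user profile, which is why the verdict is taken from the worst of the two paths.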