General
- Target: 5f23f6acdfc7d00a2eaadafe4a69c8a0.exe
- Size: 680KB
- Sample: 230804-17cd1sef44
- MD5: 5f23f6acdfc7d00a2eaadafe4a69c8a0
- SHA1: 8d26df7b4eb3a269704110a1dd3ae4943ed5deed
- SHA256: 10c14c8b65fdeb72ea10c327213f511d0a5de9b456d2a9c937c53964dbc677d6
- SHA512: c6811a1c13cbf7c5af6be7fd1bfebe88dc0c1027a9d2260b7a71ee3640321a6b6aa4a80ab3352358f53fe3fffc0ed941295a8fdf159325c204c72df3253c2e27
- SSDEEP: 12288:iMrsy90Ap8h1euY0nRP149zP8r3c9fE3SFKNU0Gefpgp6lP4B:Ky58HP1WkI983SFoUVef81B
Static task
- static1
Behavioral task
- behavioral1: Sample 5f23f6acdfc7d00a2eaadafe4a69c8a0.exe, Resource win7-20230712-en
- behavioral2: Sample 5f23f6acdfc7d00a2eaadafe4a69c8a0.exe, Resource win10v2004-20230703-en
Malware Config
- Extracted: amadey
  - Version: 3.86
  - C2: 77.91.68.61/rock/index.php
- Extracted: smokeloader
  - Version: 2022
  - C2: http://77.91.68.29/fks/
- Extracted: redline
  - Botnet: micky
  - C2: 77.91.124.172:19071
  - auth_value: 748f3c67c004f4a994500f05127b4428
Targets
- Target: 5f23f6acdfc7d00a2eaadafe4a69c8a0.exe
- Size: 680KB
- MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the General section above
- Detects Healer, an antivirus disabler dropper
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Scheduled Task/Job (1)