General
- Target: ee2406a131ec6e3d4d8e1f0ddd3cb533221546707b94878e6e55636464ada65d
- Size: 680KB
- Sample: 230804-myqcmabf91
- MD5: af39a06d112b58d6343e8442416ea389
- SHA1: f852716981683a885b9417ce6ff0b4ca74b7fd64
- SHA256: ee2406a131ec6e3d4d8e1f0ddd3cb533221546707b94878e6e55636464ada65d
- SHA512: f11f51c9c8bb866e0b323ef74a04747cab297776969f10256def189378d54fc6fb5e17c1d0bcfca9402bd4e56cef23dac965f8ef65646599ca85f17a3a0bebd0
- SSDEEP: 12288:LMrKy90wxWNzFFZZXQDp6krbXxji05oVNLgWP59aFYtH6L6GAj2ELJCsB:5ytxWNRTWkkrbBpaRkSJq6ZB
Static task
- static1
Behavioral task
- behavioral1
  - Sample: ee2406a131ec6e3d4d8e1f0ddd3cb533221546707b94878e6e55636464ada65d.exe
  - Resource: win10-20230703-en
Malware Config
- Extracted: amadey, version 3.86, C2 77.91.68.61/rock/index.php
- Extracted: smokeloader, version 2022, C2 http://77.91.68.29/fks/
- Extracted: redline, botnet maxik, C2 77.91.124.156:19071
  - auth_value: a7714e1bc167c67e3fc8f9e368352269
Targets
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (1)
    - Windows Service (1)
  - Scheduled Task/Job (1)