General
Target: 626a905fc75183af328c00ab6e9b4d8917c9308ccdaba6071e1c0ad8616530f5
Size: 555KB
Sample: 230805-1ts5lsgc8x
MD5: 12da61e1bb7a1f42ec3a5f9b93efb704
SHA1: 38ed54e6f84067c71f99430bb6781a68ff9a3be6
SHA256: 626a905fc75183af328c00ab6e9b4d8917c9308ccdaba6071e1c0ad8616530f5
SHA512: 34334ee280f9e1ed4ff8bf5c61e9943c6e36aeeb95810315d7f27b8eedcba42d9f28150b10346da13ebc41dc977900a2fc723f6c45b9125b373706716c85b139
SSDEEP: 12288:zMryy90FqPp4FH02JurIeg9aAYOCgBYCk0wLd0AZ636+0+y1:pywqCZJiICOzOR0Ac3ha1
Static task: static1
Behavioral task: behavioral1
Sample: 626a905fc75183af328c00ab6e9b4d8917c9308ccdaba6071e1c0ad8616530f5.exe
Resource: win10-20230703-en
Malware Config
Extracted: amadey
Version: 3.86
C2: 77.91.68.61/rock/index.php
Extracted: redline
Botnet: savin
C2: 77.91.124.156:19071
auth_value: a1a05b810428195ab7bb63b132ea0c8d
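The two extracted configs above give one Amadey panel URL and one RedLine host:port. The following is an added example, not part of the Triage report, showing how those indicators turn into a small log scanner: the indicator values are the ones extracted above, while the proxy and flow log formats and the sample lines are constructed here for illustration only. A request to the exact Amadey panel path, or a session to the RedLine host on the configured port, is reported as a high-confidence hit; traffic to either host on another path or port is reported as medium confidence so it is not silently dropped.

```python
"""Turn the C2 indicators extracted above into a small log scanner.

Added example, not part of the Triage report. The indicator values come
from the report; the log formats and the log lines are constructed here
for illustration only.
"""
import re
from dataclasses import dataclass
from typing import Iterable

# Indicators taken from the extracted configs in this report.
AMADEY_C2_URL = "77.91.68.61/rock/index.php"                # Amadey 3.86 panel path
REDLINE_C2_HOST, REDLINE_C2_PORT = "77.91.124.156", 19071   # RedLine, botnet "savin"


@dataclass(frozen=True)
class Hit:
    line_no: int
    family: str
    indicator: str
    confidence: str  # "high" for an exact URL or host:port match, "medium" for host-only


# Constructed proxy-log format (assumption): "<ts> <src_ip> <method> <url> <status>"
PROXY_RE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+) (\d{3})$")
# Constructed flow-log format (assumption): "<ts> <src_ip>:<sport> -> <dst_ip>:<dport> <proto>"
FLOW_RE = re.compile(r"^(\S+) (\S+):(\d+) -> (\S+):(\d+) (TCP|UDP)$")


def normalize_url(url: str) -> str:
    """Drop scheme, query string and trailing slash so a proxy URL compares
    against the bare 'host/path' form the config extractor emits."""
    url = re.sub(r"^https?://", "", url, flags=re.IGNORECASE)
    return url.split("?", 1)[0].rstrip("/")


def scan(lines: Iterable[str]) -> list[Hit]:
    """Return one Hit per log line that touches an indicator from the report."""
    hits: list[Hit] = []
    amadey_host = AMADEY_C2_URL.split("/", 1)[0]
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        if (m := PROXY_RE.match(line)):
            url = normalize_url(m.group(4))
            if url == AMADEY_C2_URL:
                hits.append(Hit(n, "amadey", AMADEY_C2_URL, "high"))
            elif url.split("/", 1)[0] == amadey_host:
                # Same host, different path: still worth a look, lower confidence.
                hits.append(Hit(n, "amadey", amadey_host, "medium"))
        elif (m := FLOW_RE.match(line)):
            dst, dport = m.group(4), int(m.group(5))
            if dst == REDLINE_C2_HOST:
                conf = "high" if dport == REDLINE_C2_PORT else "medium"
                hits.append(Hit(n, "redline", f"{dst}:{dport}", conf))
    return hits


# Constructed sample lines: one Amadey check-in, one unrelated request to the
# same host, one RedLine session on the configured port, one benign flow.
SAMPLE_LOG = [
    "2023-08-05T10:00:01Z 10.0.0.7 POST http://77.91.68.61/rock/index.php 200",
    "2023-08-05T10:00:02Z 10.0.0.7 GET http://77.91.68.61/favicon.ico 404",
    "2023-08-05T10:00:03Z 10.0.0.7:49812 -> 77.91.124.156:19071 TCP",
    "2023-08-05T10:00:04Z 10.0.0.7:49813 -> 93.184.216.34:443 TCP",
]

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.family} C2 {h.indicator} ({h.confidence})")
```

Running the block against the constructed lines yields three hits: the Amadey check-in (high), the second request to the Amadey host (medium) and the RedLine session (high); the benign flow is ignored. In a real deployment the regexes would be replaced by the parser for whatever proxy or flow source is in use, and the medium-confidence path is the one to tune, since shared hosting can put unrelated sites behind the same IP.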
Targets
Target: 626a905fc75183af328c00ab6e9b4d8917c9308ccdaba6071e1c0ad8616530f5
Size: 555KB
- Detects Healer, an antivirus-disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
- Scheduled Task/Job (T1053): 1