General
Target: 880953844ef7e6dbff457fb9fae6b4b6241c28541139ee4139c986d929d0d0d7
Size: 555KB
Sample: 230805-gsytxsaf85
MD5: edc2d2857f1d325534277cbb5c5674d7
SHA1: 896765d4aac54666b429b5a51f7979c4882d08fe
SHA256: 880953844ef7e6dbff457fb9fae6b4b6241c28541139ee4139c986d929d0d0d7
SHA512: e4b3901b30fc128f29993a05f96d095b340d866f7cdf9ab9f91a89061d793acedf449d24cc0f9c13303e05f28d1a7e693bc2feb24f37ff1231456057c0258428
SSDEEP: 12288:mMryy900QCfVSfiHVyYn/TNQmEDSRvAJ7sWgBYCS3lDRT0iFtJ2f:gyoCfIcVyY/pM2Rv0s1zaldbJ2f
Static task: static1
Behavioral task: behavioral1
Sample: 880953844ef7e6dbff457fb9fae6b4b6241c28541139ee4139c986d929d0d0d7.exe
Resource: win10-20230703-en
Malware Config
Extracted: amadey
  Version: 3.86
  C2: 77.91.68.61/rock/index.php
Extracted: redline
  Botnet: micky
  C2: 77.91.124.172:19071
  auth_value: 748f3c67c004f4a994500f05127b4428
Targets
Target: 880953844ef7e6dbff457fb9fae6b4b6241c28541139ee4139c986d929d0d0d7 (555KB; hashes as listed under General above)
Signatures
- Detects Healer, an antivirus-disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (persistence through a Software\Microsoft\Windows\CurrentVersion\Run value)
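As an added example, not part of the Triage report or of either malware family's code, the indicators above (sample hashes, the Amadey C2 URL, the RedLine C2 endpoint) and the "Adds Run key" signature turned into a small matcher a responder can run over proxy/flow logs and a `reg query` dump of the Run key. The log lines, the registry dump, the user name and the value names in it are constructed for the example; the C2 addresses and hashes are copied from the report.

```python
"""IOC matching for the report above: sample hashes, Amadey C2 URL, RedLine C2 endpoint,
plus a triage of HKCU\\...\\Run values (the 'Adds Run key to start application' signature).
Indicators are taken from the report; all log and registry data below is constructed."""
import hashlib
import re
from typing import Optional, Tuple

# --- indicators copied from the report ---------------------------------------
IOC_HASHES = {
    "md5": "edc2d2857f1d325534277cbb5c5674d7",
    "sha1": "896765d4aac54666b429b5a51f7979c4882d08fe",
    "sha256": "880953844ef7e6dbff457fb9fae6b4b6241c28541139ee4139c986d929d0d0d7",
}
AMADEY_C2 = "77.91.68.61/rock/index.php"                    # amadey 3.86
REDLINE_C2_HOST, REDLINE_C2_PORT = "77.91.124.172", 19071   # redline "micky"

AMADEY_HOST, _, _path = AMADEY_C2.partition("/")
AMADEY_PATH = "/" + _path
C2_HOSTS = {AMADEY_HOST: "amadey", REDLINE_C2_HOST: "redline"}

URL_RE = re.compile(r"https?://[^\s\"']+")
# "-> dst:port" as written in the constructed flow log below
DST_RE = re.compile(r"->\s*(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a blob, keyed like IOC_HASHES."""
    return {a: hashlib.new(a, data).hexdigest() for a in IOC_HASHES}


def hash_match(data: bytes) -> list:
    """Algorithms under which `data` equals the report's sample (empty list = no match)."""
    computed = file_hashes(data)
    return [a for a in IOC_HASHES if computed[a] == IOC_HASHES[a]]


def classify_network(line: str) -> Optional[Tuple[str, str]]:
    """(family, reason) if a proxy/flow log line touches a C2 from the config, else None.
    A host match on a different path or port is still reported: both families re-use
    infrastructure, so the address alone is worth an alert."""
    m = URL_RE.search(line)
    if m:
        from urllib.parse import urlsplit
        u = urlsplit(m.group(0))
        if u.hostname == AMADEY_HOST and u.path == AMADEY_PATH:   # exact, case-sensitive path
            return ("amadey", "C2 URL")
        if u.hostname in C2_HOSTS:
            return (C2_HOSTS[u.hostname], "C2 host, other path")
    for host, port in DST_RE.findall(line):
        if host == REDLINE_C2_HOST and int(port) == REDLINE_C2_PORT:
            return ("redline", "C2 host and port")
        if host in C2_HOSTS:
            return (C2_HOSTS[host], "C2 host, other port")
    return None


def scan_network(log: str) -> list:
    """(line number, family, reason) for every matching line."""
    hits = []
    for n, line in enumerate(log.splitlines(), 1):
        c = classify_network(line)
        if c:
            hits.append((n, *c))
    return hits


# Directories an unprivileged dropper can write to; a Run value pointing here is suspect.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\users\\public\\")
# Textual expansion of the env vars droppers usually use in Run values (assumption: no others).
ENV_HINTS = {"%temp%\\": "\\appdata\\local\\temp\\", "%appdata%\\": "\\appdata\\roaming\\"}


def suspicious_run_values(reg_query_output: str) -> list:
    """(name, command) for Run values whose command lives in a user-writable directory.
    Input is the text `reg query HKCU\\...\\CurrentVersion\\Run` prints."""
    out = []
    for line in reg_query_output.splitlines():
        parts = re.split(r"\s+REG_(?:EXPAND_)?SZ\s+", line.strip(), maxsplit=1)
        if len(parts) != 2:
            continue            # key header or blank line
        name, cmd = parts
        cmd_l = cmd.lower()
        for var, expansion in ENV_HINTS.items():
            cmd_l = cmd_l.replace(var, expansion)
        if any(p in cmd_l for p in USER_WRITABLE):
            out.append((name, cmd))
    return out


# --- constructed sample input -------------------------------------------------
PROXY_LOG = """\
2023-08-05T06:47:01Z 10.0.0.12 POST http://77.91.68.61/rock/index.php 200 312
2023-08-05T06:47:03Z 10.0.0.12 GET http://example.org/index.html 200 4011
2023-08-05T06:47:09Z 10.0.0.12 GET http://77.91.68.61/other/ 200 512
"""
FLOW_LOG = """\
2023-08-05T06:47:15Z 10.0.0.12:49712 -> 77.91.124.172:19071 TCP
2023-08-05T06:47:20Z 10.0.0.12:49720 -> 77.91.124.172:443 TCP
2023-08-05T06:47:22Z 10.0.0.12:49730 -> 203.0.113.5:443 TCP
"""
RUN_KEY_DUMP = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Updater     REG_SZ    C:\Users\alice\AppData\Local\Temp\b4f2\updater.exe
    SvcHelper   REG_EXPAND_SZ    %APPDATA%\svchelper\svchelper.exe
"""

if __name__ == "__main__":
    for hit in scan_network(PROXY_LOG + FLOW_LOG):
        print("network:", hit)
    for name, cmd in suspicious_run_values(RUN_KEY_DUMP):
        print("run key:", name, "->", cmd)
```

The Run-key heuristic deliberately flags anything under Temp, Roaming or Public rather than matching a file name, because the dropped executable's name changes per build; on a real host it needs an allowlist for legitimate Roaming-installed software (per-user installers put their binaries there) and should be run against HKLM\...\Run and the RunOnce keys as well. The network matcher compares the Amadey path exactly and case-sensitively; if your proxy normalises URLs, lower-case both sides before comparing.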
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
  Scheduled Task/Job (T1053): 1