General
Target: 13ab92791169611e171f0be1490847a592999c902b3ba4f3f0e2fa61a5996d90
Size: 680KB
Sample: 230808-rfynhach99
MD5: 31f9188d365f136a081551381c0ab0cb
SHA1: 7d0aed2996472f6e9343121d4a76c902997f7e31
SHA256: 13ab92791169611e171f0be1490847a592999c902b3ba4f3f0e2fa61a5996d90
SHA512: 6ac8f70f9614d1d8e17547c44cac2863241ae360c8e45ef7d69c519502868ccc270b2e6323281b14fd55ad04973f1d6de9f5f2cd491d8298f5031d50f2f3fa0f
SSDEEP: 12288:MMrky90jJoTEDioZBSaXM1V/C/XLI6DtlPTsSUFA1aDmMHMjmV:IyRYDioZBiQz75dcJDDHx
Static task: static1
Behavioral task: behavioral1
Sample: 13ab92791169611e171f0be1490847a592999c902b3ba4f3f0e2fa61a5996d90.exe
Resource: win10-20230703-en
Malware Config
Extracted: amadey 3.86, 77.91.68.61/rock/index.php
Extracted: smokeloader 2022, http://77.91.68.29/fks/
Extracted: redline welos, 77.91.124.156:19071, auth_value 9605367dc0a1f64eb2f71769fb518fcf
Targets
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Create or Modify System Process: Windows Service (1)
- Scheduled Task/Job (1)