General
Target: ed21b58153556f6615131adb99259c8a572b90000bbf016288cc7600a238b9a5
Size: 505KB
Sample: 230815-ywvp4sdd89
MD5: 48afb85a07c02347c97a29ea9edf4b44
SHA1: f51b36e8fdfe14f001f7f5cd003291ddae59556f
SHA256: ed21b58153556f6615131adb99259c8a572b90000bbf016288cc7600a238b9a5
SHA512: 3fcd81fc5f91b3ce5b7fecff60ac70fe16c3008272e5f1add64f20edbf7f83c234c915c234a1c93812959eb70cfc8e3e0558c487278e84cda443ba9b59ae6994
SSDEEP: 12288:IMrVy90v7/1yLRRymj0s7RsL6Rb9Hr7zjKeKIQ+AMeBw8:9yC7/1gDHj0sL5r7fKe/V7e+8
Static task: static1
Behavioral task: behavioral1
Sample: ed21b58153556f6615131adb99259c8a572b90000bbf016288cc7600a238b9a5.exe
Resource: win10v2004-20230703-en

Malware Config
Extracted
Family: redline
Botnet: meson
C2: 77.91.124.54:19071
auth_value: 47ca57ebe5c142c9ad4650f71bf57877
Targets
Target: ed21b58153556f6615131adb99259c8a572b90000bbf016288cc7600a238b9a5 (size and hashes as listed under General)
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1