General
- Target: 2023-08-13-07.zip
- Size: 67.8MB
- Sample: 230816-kafr6sah2x
- MD5: 82880c280bd2f28133e9bf5104fe0b28
- SHA1: 4a2194c2c296b60cc2de475edebe4fdcb4642539
- SHA256: a1f23acb5b4f73ab636d3435dc97347e12c2b4dc8480192335030e804eda672f
- SHA512: ef45be0a5670fa27477645256cb2f8b70783cbc8e4ffc70bca3eeb43567163bf99fb0e97ca933f7eee384e1179f24e664c0c5a762fd62b44fa81ca07243b5b5c
- SSDEEP: 1572864:r1QaIKvbms2K43amdKQi8rATB362DZ1HKnIqr:jIKvbms2K43amchUAVK2d9KnP
Malware Config
Extracted: redline
- botnet: ai1
- C2: 80.85.157.78:28552
- auth_value: 6bcebe43e888caa4243aba18539ee98b
Extracted: darkcloud
- email_from:
- email_to:
Extracted: amadey
- version/campaign: S-%lu-
- C2: 77.91.68.18/nice/index.php
- C2: 3.87/nice/index.php
Extracted: redline
- botnet: gibon
- C2: 77.91.124.54:19071
- auth_value: d7312d609a82ad1ae79ab6c26262d75c
Targets
- Target: 2023-08-13-07.zip (size and hashes as listed under General)
Signatures
- Detect Fabookie payload
- Detects Healer an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (1)
    - Windows Service (1)
  - Scheduled Task/Job (1)