Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
0f979cb8af260f00e154f08809ad0f5f264269b78fe270cdf68732508cb22d26
-
Size
505KB
-
Sample
230816-str9bade5y
-
MD5
b8c795216a2c012e9d39db2e5cf573e2
-
SHA1
e1050257a2e944b5f868202845102f18c39c5eb8
-
SHA256
0f979cb8af260f00e154f08809ad0f5f264269b78fe270cdf68732508cb22d26
-
SHA512
8eebbb7afd943f20f7bce140faa3b433ce164d6e4453ffddc66528565c9f70ad30f7e87636272c9174e0be817e3ef720c9b088c509e69c3902d8359a24a1681a
-
SSDEEP
12288:qMrRy900zT5opJnx2qqhnStdqfTMNNIfkZO3PJHctw:Ty0x2qqhStdq7MNNdFtw
Static task
static1
Behavioral task
behavioral1
Sample
0f979cb8af260f00e154f08809ad0f5f264269b78fe270cdf68732508cb22d26.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
redline
dava
77.91.124.54:19071
-
auth_value
3ce5222c1baaa06681dfe0012ce1de23
Targets
-
-
Target
0f979cb8af260f00e154f08809ad0f5f264269b78fe270cdf68732508cb22d26
-
Size
505KB
-
MD5
b8c795216a2c012e9d39db2e5cf573e2
-
SHA1
e1050257a2e944b5f868202845102f18c39c5eb8
-
SHA256
0f979cb8af260f00e154f08809ad0f5f264269b78fe270cdf68732508cb22d26
-
SHA512
8eebbb7afd943f20f7bce140faa3b433ce164d6e4453ffddc66528565c9f70ad30f7e87636272c9174e0be817e3ef720c9b088c509e69c3902d8359a24a1681a
-
SSDEEP
12288:qMrRy900zT5opJnx2qqhnStdqfTMNNIfkZO3PJHctw:Ty0x2qqhStdq7MNNdFtw
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1