Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
b5da8cb8a72c33f8224184d8ca045d3cc4e21a1adcd39e84e7004166d91c71cf
-
Size
729KB
-
Sample
230817-rbg5ysbd4s
-
MD5
2c0b9718236ecc3a4d304f074cac4b13
-
SHA1
1de49cce930bd96b3463c7adc938668c7dfcd544
-
SHA256
b5da8cb8a72c33f8224184d8ca045d3cc4e21a1adcd39e84e7004166d91c71cf
-
SHA512
cb0dd5304a5d6f563c1a8cfe3fd72b19fd8c0eab16ed58df02a94a7e6a6d3590309b1ccb7c147dddadedd92fd7973e069bbd99e83fa9ce337a609c0684ff67c7
-
SSDEEP
12288:fMr4y90mWVg9Dwuw662u2wVZK6q7CME/cFsPWvI06N7yWU35QCh16xUetfwCgfDY:Xy9kuwWuFZKv7CME0sPX06N7yW+CCf6F
Static task
static1
Behavioral task
behavioral1
Sample
b5da8cb8a72c33f8224184d8ca045d3cc4e21a1adcd39e84e7004166d91c71cf.exe
Resource
win10-20230703-en
Malware Config
Extracted
amadey
S-%lu-
77.91.68.18/nice/index.php
3.87/nice/index.php
Extracted
redline
maga
77.91.124.54:19071
-
auth_value
9dd7a0be219be9b6228dc9b4e112b812
Targets
-
-
Target
b5da8cb8a72c33f8224184d8ca045d3cc4e21a1adcd39e84e7004166d91c71cf
-
Size
729KB
-
MD5
2c0b9718236ecc3a4d304f074cac4b13
-
SHA1
1de49cce930bd96b3463c7adc938668c7dfcd544
-
SHA256
b5da8cb8a72c33f8224184d8ca045d3cc4e21a1adcd39e84e7004166d91c71cf
-
SHA512
cb0dd5304a5d6f563c1a8cfe3fd72b19fd8c0eab16ed58df02a94a7e6a6d3590309b1ccb7c147dddadedd92fd7973e069bbd99e83fa9ce337a609c0684ff67c7
-
SSDEEP
12288:fMr4y90mWVg9Dwuw662u2wVZK6q7CME/cFsPWvI06N7yWU35QCh16xUetfwCgfDY:Xy9kuwWuFZKv7CME0sPX06N7yW+CCf6F
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1