General
- Target: 8162a60710b5f5c29aaf10435ee357f7684936e650fe7e90771ffe859827ec75
- Size: 730KB
- Sample: 230818-fxjp5ahb6z
- MD5: ba41598209ef18502cabb04517cd9488
- SHA1: 6dba18626f5f26d163ed9d518b6577928ba1e5c6
- SHA256: 8162a60710b5f5c29aaf10435ee357f7684936e650fe7e90771ffe859827ec75
- SHA512: fd5e9cc62a312b2b907da4c95113bbfc802f38b98dcd7b3b37c94f19fea8dd692feec81d89f2e38b39ad11f8398a04cd347b92149b3c549c7d2ea251bc939425
- SSDEEP: 12288:xMrMy90ymvugFRAKagkasDe876e0WI6A2X8ko6fJSp6ZkoDgQaQGae8C0ZnGu:9yKnnvkrx76TWIutoGJSpu/gQw0ZnGu

Static task: static1

Behavioral task: behavioral1
- Sample: 8162a60710b5f5c29aaf10435ee357f7684936e650fe7e90771ffe859827ec75.exe
- Resource: win10-20230703-en

Malware Config
Extracted: amadey
- S-%lu-
- 77.91.68.18/nice/index.php
- 3.87/nice/index.php
Extracted: redline
- maga
- 77.91.124.54:19071
- auth_value: 9dd7a0be219be9b6228dc9b4e112b812

Targets
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application

MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Scheduled Task/Job (1)