Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
85b297d3c410e836be3e92150f84ca975c70ffac3450f0da6cc82fcb78696506
-
Size
729KB
-
Sample
230818-h7k22she9s
-
MD5
157c55e551359c141a1c1380f3ad8117
-
SHA1
ee1dd78909e9bf11cea9c6f6b520485aa866b246
-
SHA256
85b297d3c410e836be3e92150f84ca975c70ffac3450f0da6cc82fcb78696506
-
SHA512
af72c20fa7ba8e49f4ec1c4f6d81dfb0e10dba966b03d440e0fa44e42ea9f6e8e6911843200d8042f663771566a24240285e85e30ed082cb62606fb187418227
-
SSDEEP
12288:YMr1y90Rjoqzon3xXAUXGP4Sfh+sHmDEDAuijBrUmFk13OWsm9oJEL:tyWjron+5QSUsGDEDXYJbWsQL
Static task
static1
Behavioral task
behavioral1
Sample
85b297d3c410e836be3e92150f84ca975c70ffac3450f0da6cc82fcb78696506.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
amadey
S-%lu-
77.91.68.18/nice/index.php
3.87/nice/index.php
Extracted
redline
maga
77.91.124.54:19071
-
auth_value
9dd7a0be219be9b6228dc9b4e112b812
Targets
-
-
Target
85b297d3c410e836be3e92150f84ca975c70ffac3450f0da6cc82fcb78696506
-
Size
729KB
-
MD5
157c55e551359c141a1c1380f3ad8117
-
SHA1
ee1dd78909e9bf11cea9c6f6b520485aa866b246
-
SHA256
85b297d3c410e836be3e92150f84ca975c70ffac3450f0da6cc82fcb78696506
-
SHA512
af72c20fa7ba8e49f4ec1c4f6d81dfb0e10dba966b03d440e0fa44e42ea9f6e8e6911843200d8042f663771566a24240285e85e30ed082cb62606fb187418227
-
SSDEEP
12288:YMr1y90Rjoqzon3xXAUXGP4Sfh+sHmDEDAuijBrUmFk13OWsm9oJEL:tyWjron+5QSUsGDEDXYJbWsQL
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1