Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
7da2b1437f81aa4440328b044dd8fbeb6c41b016a8d454e6e7159a85e50131e2
-
Size
731KB
-
Sample
230818-n1hk8sag7t
-
MD5
9247a9ff1a6ca7eac5dc5ca4c0ad9980
-
SHA1
9599a3ceb20fba6e2df21b1231c784ec16779ee8
-
SHA256
7da2b1437f81aa4440328b044dd8fbeb6c41b016a8d454e6e7159a85e50131e2
-
SHA512
5e5c2ea10629e3259b24fca7b4f05ef88b3e4fe3d5a54cd8b40815e08c28ad78ffc09c333eb56f645e835307e26f1fdc239e0cad7a3cbff49545f456a5bebc61
-
SSDEEP
12288:sMrqy90XNMkxZo2OBwV1lLYu116PBphsFGH3msNgqO91RnoQoyJINA9:Oy8NMaZLOBwYujqvXmsSxRnoDux9
Static task
static1
Behavioral task
behavioral1
Sample
7da2b1437f81aa4440328b044dd8fbeb6c41b016a8d454e6e7159a85e50131e2.exe
Resource
win10-20230703-en
Malware Config
Extracted
amadey
S-%lu-
77.91.68.18/nice/index.php
3.87/nice/index.php
Extracted
redline
dugin
77.91.124.73:19071
-
auth_value
7c3e46e091100fd26a6076996d374c28
Targets
-
-
Target
7da2b1437f81aa4440328b044dd8fbeb6c41b016a8d454e6e7159a85e50131e2
-
Size
731KB
-
MD5
9247a9ff1a6ca7eac5dc5ca4c0ad9980
-
SHA1
9599a3ceb20fba6e2df21b1231c784ec16779ee8
-
SHA256
7da2b1437f81aa4440328b044dd8fbeb6c41b016a8d454e6e7159a85e50131e2
-
SHA512
5e5c2ea10629e3259b24fca7b4f05ef88b3e4fe3d5a54cd8b40815e08c28ad78ffc09c333eb56f645e835307e26f1fdc239e0cad7a3cbff49545f456a5bebc61
-
SSDEEP
12288:sMrqy90XNMkxZo2OBwV1lLYu116PBphsFGH3msNgqO91RnoQoyJINA9:Oy8NMaZLOBwYujqvXmsSxRnoDux9
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1