General
- Target: 933ced8b4413e0e7d2fb57af3da7514daf7b37ea9e7ea1aa62ebc11fbef800c5
- Size: 730KB
- Sample: 230818-r28qlacc2t
- MD5: aceaed63f7ed38ce9bdac5895ceb6efe
- SHA1: c25721ae567fd9d38935d9cd6fa70abc66dad911
- SHA256: 933ced8b4413e0e7d2fb57af3da7514daf7b37ea9e7ea1aa62ebc11fbef800c5
- SHA512: 07923454730da84d886f4365974234f102ff27b5327c4f8143de591ddc8e8196bae0092a990cbc8274f8dde95743da653673dd6f4d75322d60c6cd0ccd59b386
- SSDEEP: 12288:OMray90wIZUwKhduJBUIRQKUM7KJZe7NjjKRdkXep7Ow4MyTBvj+Q+8Di5G:gy/bowKUM7yg7NPK/k+j4M4Bvt+85
Static task: static1
Behavioral task: behavioral1
- Sample: 933ced8b4413e0e7d2fb57af3da7514daf7b37ea9e7ea1aa62ebc11fbef800c5.exe
- Resource: win10v2004-20230703-en
Malware Config
Extracted: amadey
- S-%lu-
- C2: 77.91.68.18/nice/index.php
- 3.87/nice/index.php
Extracted: redline
- dugin
- C2: 77.91.124.73:19071
- auth_value: 7c3e46e091100fd26a6076996d374c28
Targets
- Target: 933ced8b4413e0e7d2fb57af3da7514daf7b37ea9e7ea1aa62ebc11fbef800c5
- Size: 730KB
- MD5: aceaed63f7ed38ce9bdac5895ceb6efe
- SHA1: c25721ae567fd9d38935d9cd6fa70abc66dad911
- SHA256: 933ced8b4413e0e7d2fb57af3da7514daf7b37ea9e7ea1aa62ebc11fbef800c5
- SHA512: 07923454730da84d886f4365974234f102ff27b5327c4f8143de591ddc8e8196bae0092a990cbc8274f8dde95743da653673dd6f4d75322d60c6cd0ccd59b386
- SSDEEP: 12288:OMray90wIZUwKhduJBUIRQKUM7KJZe7NjjKRdkXep7Ow4MyTBvj+Q+8Di5G:gy/bowKUM7yg7NPK/k+j4M4Bvt+85
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)
- Scheduled Task/Job (1)