General

Target: 1b0661829723768b71ca97aff53718e0d521e49cdecb84121e66fb3672717868
Size: 730KB
Sample: 230818-ts3t4abh24
MD5: ef443b2ab2d152069a64c286398a5777
SHA1: fd588ddf5726f4997a0bbecd5c8046cf34191efb
SHA256: 1b0661829723768b71ca97aff53718e0d521e49cdecb84121e66fb3672717868
SHA512: 892d16aece949cdb4325d53cb54bf3480df57785a02ac02aedbf25158ebe0346ea71240d934bfa6c6589cb35391f9308f19f9c13ba96992b974b7948240e9c77
SSDEEP: 12288:6Mrky90V0PmDfVCXI45/zKiILjMmftk/KKue7klkKRIUXFp74Iudnbyniux0S:6y+0EfVCdRKZMmlk/hV7kqKSUn7udbyd
Static task: static1
Behavioral task: behavioral1
Sample: 1b0661829723768b71ca97aff53718e0d521e49cdecb84121e66fb3672717868.exe
Resource: win10v2004-20230703-en
Malware Config

Extracted: amadey
S-%lu-
77.91.68.18/nice/index.php
3.87/nice/index.php

Extracted: redline
dugin
77.91.124.73:19071
auth_value: 7c3e46e091100fd26a6076996d374c28
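The extracted configurations above give a small set of network and file indicators. The following script is an added example (not part of the Triage report or of Triage's tooling) that turns them into a hunt: it checks whether a blob of bytes reproduces the report's hashes and scans log lines for the Amadey and RedLine command-and-control endpoints. The log layout ("timestamp src dst:port url") and the log lines themselves are constructed for the demonstration, and only the fully specified Amadey host is used; the second, partial Amadey entry is left out rather than guessed at.

```python
"""Hunt for this report's IOCs in local files and connection logs (added example)."""
import hashlib
import re

# Hashes copied from the General section of the report.
IOC_HASHES = {
    "md5": "ef443b2ab2d152069a64c286398a5777",
    "sha1": "fd588ddf5726f4997a0bbecd5c8046cf34191efb",
    "sha256": "1b0661829723768b71ca97aff53718e0d521e49cdecb84121e66fb3672717868",
}

# (family, host, port, path) from the extracted configs. Amadey's config gives
# only a host and HTTP path, so its port is left unconstrained (None).
IOC_C2 = [
    ("amadey", "77.91.68.18", None, "/nice/index.php"),
    ("redline", "77.91.124.73", 19071, None),
]

# Constructed sample lines in an assumed "ts src dst:port url" layout.
SAMPLE_LOGS = [
    "2023-08-18T21:02:11Z 10.0.0.21 77.91.68.18:80 http://77.91.68.18/nice/index.php",
    "2023-08-18T21:02:13Z 10.0.0.21 77.91.124.73:19071 -",
    "2023-08-18T21:02:15Z 10.0.0.21 93.184.216.34:443 https://example.com/",
    # Superstring of the Amadey host: an exact-host comparison must not flag it.
    "2023-08-18T21:02:17Z 10.0.0.22 177.91.68.18:80 http://177.91.68.18/",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>[\d.]+):(?P<port>\d+)\s+(?P<url>\S+)$"
)


def hash_matches(data: bytes) -> dict:
    """Return {algorithm: digest} for every report hash that `data` reproduces."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return {algo: d for algo, d in digests.items() if IOC_HASHES[algo] == d}


def scan_log(lines) -> list:
    """Flag lines whose destination matches a C2 host (and port, where the IOC has one)."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than mis-parse it
        dst, port, url = m["dst"], int(m["port"]), m["url"]
        for family, host, c2_port, path in IOC_C2:
            # Compare the whole host string; substring matching would also
            # catch 177.91.68.18.
            if dst != host:
                continue
            if c2_port is not None and port != c2_port:
                continue
            hit = {"family": family, "dst": dst, "port": port, "line": line}
            if path is not None:
                hit["path_match"] = path in url
            hits.append(hit)
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOGS):
        print(f"{hit['family']:8} {hit['dst']}:{hit['port']}  {hit['line']}")
    with open(__file__, "rb") as fh:
        print("this file matches report hashes:", hash_matches(fh.read()))
```

Feed `scan_log` your own proxy or flow export (after adapting `LOG_RE` to its layout) and run `hash_matches` over any dropped executables you recover; a SHA256 match ties the artefact directly to this report, while a C2 hit only shows that something on the host spoke to the same infrastructure.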
Targets

Target: 1b0661829723768b71ca97aff53718e0d521e49cdecb84121e66fb3672717868
Size: 730KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: as listed under General above.
Signatures:
- Detects Healer, an antivirus disabler dropper
- RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
- Scheduled Task/Job (T1053): 1