General
Target: ee366f24478acfa62a90eaeea6337a96d0d038b5c90efaf8404c02b8e244700a
Size: 714KB
Sample: 230818-yqe3gaeh9s
MD5: 2237161475b9920969138d1bb98d2545
SHA1: ba340b220e6634057d6475bd5755e6d8657e207e
SHA256: ee366f24478acfa62a90eaeea6337a96d0d038b5c90efaf8404c02b8e244700a
SHA512: 3ebac5373825741c606c6810b13a98baac8f50d063305a03328adaf9b278be49baa98ad0c6e54e6fbb48e5bd7708fb5662ee49e25ead374ae106bfbbc5b4e758
SSDEEP: 12288:3Mrly90m8u1ih8L+CWjjEWnQeUrjdbUJgK/c61FO7c3SYG2wNXMdK:uyp8UlL+nPEWnzUFUJgZ61FcJGdK
Static task: static1
Behavioral task: behavioral1
Sample: ee366f24478acfa62a90eaeea6337a96d0d038b5c90efaf8404c02b8e244700a.exe
Resource: win10v2004-20230703-en
Malware Config
Extracted: amadey
Extractor output (as reported, unlabelled):
- S-%lu-
- 77.91.68.18/nice/index.php
- 3.87/nice/index.php
Note: "3.87" is not a routable host; it has the form of an Amadey version string, so only 77.91.68.18/nice/index.php should be treated as the C2 URL when building indicators.
Extracted: redline
Botnet: dugin
C2: 77.91.124.73:19071
auth_value: 7c3e46e091100fd26a6076996d374c28
Targets
Target: ee366f24478acfa62a90eaeea6337a96d0d038b5c90efaf8404c02b8e244700a (714KB; hashes as listed under General above)
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
- Scheduled Task/Job (T1053): 1
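The report above gives two kinds of indicators: the C2 endpoints from the extracted Amadey and RedLine configs, and the persistence techniques in the ATT&CK mapping (Run key, Windows service, scheduled task). The following is an added example, not part of the tria.ge report or of any tool the page describes, that turns those indicators into a small matcher over Sysmon-style events. The event records are constructed for this demo, not captured from the sandbox run; the assumption that an Amadey host/path C2 is plain HTTP on port 80 is this example's, not the report's.

```python
"""Match tria.ge config and ATT&CK indicators against Sysmon-style events.

Added example; not part of the sandbox report. Events below are constructed.
"""
import re
from urllib.parse import urlsplit

# Indicators copied from the report's extracted configs.
SAMPLE_SHA256 = "ee366f24478acfa62a90eaeea6337a96d0d038b5c90efaf8404c02b8e244700a"
C2_STRINGS = {
    "amadey": ["77.91.68.18/nice/index.php"],   # host/path form, HTTP
    "redline": ["77.91.124.73:19071"],          # host:port form
}

# Registry/process patterns for the report's ATT&CK persistence mapping.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\[^\\]+$", re.I)  # T1547.001
SERVICE_RE = re.compile(r"\\CurrentControlSet\\Services\\[^\\]+\\ImagePath$", re.I)           # T1543.003
SCHTASKS_RE = re.compile(r"schtasks(?:\.exe)?\s.*?/create\b", re.I)                              # T1053


def parse_c2(c2: str):
    """Split a config C2 string into (host, port).

    Amadey C2s are printed as host/path (assumed HTTP, so port 80 is this
    example's default); RedLine C2s are printed as host:port.
    """
    parts = urlsplit("//" + c2)
    return parts.hostname, parts.port or 80


def c2_table():
    """Map (host, port) -> family for every C2 in the report."""
    return {parse_c2(c2): fam for fam, entries in C2_STRINGS.items() for c2 in entries}


def match_events(events):
    """Return (tag, detail) findings for Sysmon-like event dicts.

    EventID 3 = network connect, 13 = registry value set, 1 = process create.
    """
    c2s = c2_table()
    findings = []
    for ev in events:
        eid = ev["EventID"]
        if eid == 3:
            key = (ev["DestinationIp"], int(ev["DestinationPort"]))
            if key in c2s:
                findings.append((f"c2:{c2s[key]}", f"{key[0]}:{key[1]}"))
        elif eid == 13:
            target = ev["TargetObject"]
            if RUN_KEY_RE.search(target):
                findings.append(("T1547.001", target))
            elif SERVICE_RE.search(target):
                findings.append(("T1543.003", target))
        elif eid == 1 and SCHTASKS_RE.search(ev["CommandLine"]):
            findings.append(("T1053", ev["CommandLine"]))
    return findings


# Constructed events for the demo; not from the sandbox run.
SAMPLE_EVENTS = [
    {"EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\user\AppData\Local\Temp\updater.exe"},
    {"EventID": 3, "DestinationIp": "77.91.124.73", "DestinationPort": 19071},
    {"EventID": 3, "DestinationIp": "77.91.68.18", "DestinationPort": 80},
    {"EventID": 3, "DestinationIp": "8.8.8.8", "DestinationPort": 53},   # benign, must not match
    {"EventID": 1,
     "CommandLine": r'schtasks.exe /create /tn "Updater" /tr C:\Users\user\AppData\Local\Temp\updater.exe /sc minute /mo 1'},
    {"EventID": 13,
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\UpdSvc\ImagePath",
     "Details": r"C:\Users\user\AppData\Local\Temp\updater.exe"},
]

if __name__ == "__main__":
    for tag, detail in match_events(SAMPLE_EVENTS):
        print(f"{tag:<12} {detail}")
```

The matcher keys C2 hits on (host, port) rather than on the raw config string, because the two families print their C2s in different shapes; the "3.87/nice/index.php" entry from the Amadey extractor is deliberately left out since it does not name a host.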