General

Target: f52876b9a89bef59abc92c8ba50f638171fb69717f714107719f881c43b69902
Size: 834KB
Sample: 230819-g38f4shg7z
MD5: 7fc3f19da42f23f45755c8be466fc9c1
SHA1: 9f88d3ee7ff5ab13c4ef31de924f9e526148176b
SHA256: f52876b9a89bef59abc92c8ba50f638171fb69717f714107719f881c43b69902
SHA512: 49ea1947b436e4d3e6aa9c0efbbb147423e2a5ac2cdcd55975c1d1df4d6fb52afbe9c627b5fbcf437c095eb2a2c5af8e7ecb987673b17d5859900fc85f1b7cde
SSDEEP: 24576:ayz3UT3z9KLx9jSDx23Awea+2xUH+hjOXIgRtN:hwT5KlJzFX8wap
Static task: static1

Behavioral task: behavioral1
Sample: f52876b9a89bef59abc92c8ba50f638171fb69717f714107719f881c43b69902.exe
Resource: win10v2004-20230703-en
Malware Config

Extracted: amadey
S-%lu-
77.91.68.18/nice/index.php
3.87/nice/index.php

Extracted: redline
dugin
77.91.124.73:19071
auth_value: 7c3e46e091100fd26a6076996d374c28
Targets

Target: f52876b9a89bef59abc92c8ba50f638171fb69717f714107719f881c43b69902
Size: 834KB
MD5: 7fc3f19da42f23f45755c8be466fc9c1
SHA1: 9f88d3ee7ff5ab13c4ef31de924f9e526148176b
SHA256: f52876b9a89bef59abc92c8ba50f638171fb69717f714107719f881c43b69902
SHA512: 49ea1947b436e4d3e6aa9c0efbbb147423e2a5ac2cdcd55975c1d1df4d6fb52afbe9c627b5fbcf437c095eb2a2c5af8e7ecb987673b17d5859900fc85f1b7cde
SSDEEP: 24576:ayz3UT3z9KLx9jSDx23Awea+2xUH+hjOXIgRtN:hwT5KlJzFX8wap
Signatures

- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
- Scheduled Task/Job (1)