General
- Target: 6b4f70dd378951fab795d2db5f9e7dcc8b0ab0f0603cb0926b7fea8f15c5e3fd
- Size: 839KB
- Sample: 230821-p29lsach36
- MD5: 90ce9339b86b2041a6805e4b37f5bf00
- SHA1: 937696856fd132128b2130b40581515b198e0c1a
- SHA256: 6b4f70dd378951fab795d2db5f9e7dcc8b0ab0f0603cb0926b7fea8f15c5e3fd
- SHA512: 74f27d7b094d264e37451f11c31067cf30ddffcb3811acd394347bc007b540ac3dbaf78775f2c47c7abdf97bea8cf1d4c9d29dfac7c318a8058460466e9416e1
- SSDEEP: 12288:LMrLy90Y3XTzeTBewCe9z6FQWQZO6lRxlRBom++sv+Oqe5cxvWr+zGq0mho7hQz0:gyVvbeAFKI6LDBQAOr+zGq0n7i0
Static task: static1
Behavioral task: behavioral1
- Sample: 6b4f70dd378951fab795d2db5f9e7dcc8b0ab0f0603cb0926b7fea8f15c5e3fd.exe
- Resource: win10v2004-20230703-en
Malware Config
Extracted: redline
- lang
- 77.91.124.73:19071
- auth_value: 92c0fc2b7a8b3fc5a01baa1abf31c42a
Targets
- Target: 6b4f70dd378951fab795d2db5f9e7dcc8b0ab0f0603cb0926b7fea8f15c5e3fd
- Size: 839KB
- MD5: 90ce9339b86b2041a6805e4b37f5bf00
- SHA1: 937696856fd132128b2130b40581515b198e0c1a
- SHA256: 6b4f70dd378951fab795d2db5f9e7dcc8b0ab0f0603cb0926b7fea8f15c5e3fd
- SHA512: 74f27d7b094d264e37451f11c31067cf30ddffcb3811acd394347bc007b540ac3dbaf78775f2c47c7abdf97bea8cf1d4c9d29dfac7c318a8058460466e9416e1
- SSDEEP: 12288:LMrLy90Y3XTzeTBewCe9z6FQWQZO6lRxlRBom++sv+Oqe5cxvWr+zGq0mho7hQz0:gyVvbeAFKI6LDBQAOr+zGq0n7i0
- Detects Healer, an antivirus disabler dropper
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)