Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
0118cf76a452338737c7fc4c4d1e63a781671ad4084e4d64da1291763654b571
-
Size
715KB
-
Sample
230822-nscp1sbh88
-
MD5
b2de32d9e9f2fa7cab361479c055cbd0
-
SHA1
d856c66d5ca730daa06d91bcd0153517864a1f76
-
SHA256
0118cf76a452338737c7fc4c4d1e63a781671ad4084e4d64da1291763654b571
-
SHA512
e55484008d986465819911889392cffdf446ffbcd60348ee4f0edfd797edf9788bc1334873a5db6feea1772d5e9ed859e6e7e65d272e3dc815c613565b038839
-
SSDEEP
12288:yMrny90cm8rA3xZZjOWYQ9ZbAWjDucfAC4f2ZHwpqxd7u/r2B3BG5c:NyVtAZKahAIAC4f2ZHQi7uz2hBmc
Static task
static1
Behavioral task
behavioral1
Sample
0118cf76a452338737c7fc4c4d1e63a781671ad4084e4d64da1291763654b571.exe
Resource
win10-20230703-en
Malware Config
Extracted
amadey
S-%lu-
77.91.68.18/nice/index.php
3.87/nice/index.php
Extracted
redline
piter
77.91.124.73:19071
-
auth_value
7f92ff466423bb35edbfbc22f78b0bb9
Targets
-
-
Target
0118cf76a452338737c7fc4c4d1e63a781671ad4084e4d64da1291763654b571
-
Size
715KB
-
MD5
b2de32d9e9f2fa7cab361479c055cbd0
-
SHA1
d856c66d5ca730daa06d91bcd0153517864a1f76
-
SHA256
0118cf76a452338737c7fc4c4d1e63a781671ad4084e4d64da1291763654b571
-
SHA512
e55484008d986465819911889392cffdf446ffbcd60348ee4f0edfd797edf9788bc1334873a5db6feea1772d5e9ed859e6e7e65d272e3dc815c613565b038839
-
SSDEEP
12288:yMrny90cm8rA3xZZjOWYQ9ZbAWjDucfAC4f2ZHwpqxd7u/r2B3BG5c:NyVtAZKahAIAC4f2ZHQi7uz2hBmc
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1