General
Target: 844e1d852d6e53ee6d479e42799d6e0ef6d57e7af3361c59b5c5d60439894dee
Size: 827KB
Sample: 230822-rsdtvseb9y
MD5: edab32600cb669c7c9f9f08284835e57
SHA1: f36b2dd569a020b61db0d3593cf21f4da8213e4c
SHA256: 844e1d852d6e53ee6d479e42799d6e0ef6d57e7af3361c59b5c5d60439894dee
SHA512: f190546fa2d67eb229ca5a525e05509d86b42fe0cb7f3f6d4cb4e87a95f79a6df4b0c41efc4da8eaf70562586efc4d8f59d52c900c73d191e7bf7259baed7435
SSDEEP: 12288:TMr4y908tFPcQRyHdfVYDb5XXtpFpeVaxO8PDtpG/PqwQYl8GuyWLdKr:PytFCdfVYDb5XXtjp12iqmGAs
Static task: static1
Behavioral task: behavioral1
Sample: 844e1d852d6e53ee6d479e42799d6e0ef6d57e7af3361c59b5c5d60439894dee.exe
Resource: win10-20230703-en
Malware Config
Extracted: redline
Botnet: rota
C2: 77.91.124.73:19071
auth_value: 320c7daa59eb9b82e20a15162392a756
Targets
- Detects Healer, an antivirus disabler dropper
- RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020.)
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)