Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
237c684649d711320a39fd7d082e72a2931ecb325c498e6c62c0e77b82dc902b
-
Size
829KB
-
Sample
230823-ncppmsdb5v
-
MD5
de7e162e101efce9b2c2005f2574fc0e
-
SHA1
9448f5251cb4b4df414417655d6fb7859d04d4be
-
SHA256
237c684649d711320a39fd7d082e72a2931ecb325c498e6c62c0e77b82dc902b
-
SHA512
cd95e14d31c6f4c5b592b80d27689db644412fce386bb81e6ff1434655c252c3d3cceeff60041e205b426ab91114b8ccef927ea0f74c04454641487c5bed6fcc
-
SSDEEP
24576:OyKl52iJun73tw12Lwpte59gZhnDo7IhK+3Jq:dKl52hhw12cbkWDo/SJ
Static task
static1
Behavioral task
behavioral1
Sample
237c684649d711320a39fd7d082e72a2931ecb325c498e6c62c0e77b82dc902b.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
redline
rota
77.91.124.73:19071
-
auth_value
320c7daa59eb9b82e20a15162392a756
Targets
-
-
Target
237c684649d711320a39fd7d082e72a2931ecb325c498e6c62c0e77b82dc902b
-
Size
829KB
-
MD5
de7e162e101efce9b2c2005f2574fc0e
-
SHA1
9448f5251cb4b4df414417655d6fb7859d04d4be
-
SHA256
237c684649d711320a39fd7d082e72a2931ecb325c498e6c62c0e77b82dc902b
-
SHA512
cd95e14d31c6f4c5b592b80d27689db644412fce386bb81e6ff1434655c252c3d3cceeff60041e205b426ab91114b8ccef927ea0f74c04454641487c5bed6fcc
-
SSDEEP
24576:OyKl52iJun73tw12Lwpte59gZhnDo7IhK+3Jq:dKl52hhw12cbkWDo/SJ
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1