General
Target: z4921733.exe
Size: 372KB
Sample: 230825-e8jc3ahb59
MD5: 3356f0a504f98ebe19bb177856184fbd
SHA1: be551871751081f37f458b7bf62656f3dc6ed89d
SHA256: 04564577997141d823ae97f19f8febb05160bde567c2c1439c74e4d24255ecdd
SHA512: 5cf27fcf13ed56ad49dff48ea7c8359d81c5ebe641aba8e4a31b4de783a8734770bfd3ca7e3188e3518b39be890bbe74baa90ffbda980c20e833d22428a1f6c6
SSDEEP: 6144:K3y+bnr+Tp0yN90QESpbj/Pj4BgD2zUcPD+lSLwwvohu5/p8qWlt6lHC4+k0e:ZMr/y90Ij/Pj4aqb9wY8qWl8xCy
Tasks
- Static task: static1
- Behavioral task: behavioral1 (sample: z4921733.exe, resource: win7-20230712-en)
- Behavioral task: behavioral2 (sample: z4921733.exe, resource: win10-20230703-en)
Malware Config
Extracted: redline
Botnet: vaga
C2: 77.91.124.73:19071
auth_value: 393905212ded984248e8e000e612d4fe
Targets
Target: z4921733.exe
Signatures
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)