General
- Target: ccc3d42253e1bf0c78cde794a86c5693.exe
- Size: 931KB
- Sample: 230825-pcltesbe64
- MD5: ccc3d42253e1bf0c78cde794a86c5693
- SHA1: ea792cdd8dae77c7ea22b195e5fd6a2e6da402c1
- SHA256: 55835ee0d6831c4bfce2485d71b884881f5cfff7e66b4bd3c760b9a1fb9dd4d9
- SHA512: fc708da99a0bebf20df29697bff5f13a1739eeb5933e4e3b384f4cdd056b4583189d00822eeb405bde81d05fadeae23284e7ef8a8d0f065cda05207228c9c18a
- SSDEEP: 12288:3Mrhy90u10zuiMlgrskr+ZLSgLKN2s2FGyrOtiQ1EWztWqLm+lr3wa1F3VgAGsR7:SydwutCsab2scrD+EWhW+lr78sR4Q
Static task: static1
Behavioral task: behavioral1
- Sample: ccc3d42253e1bf0c78cde794a86c5693.exe
- Resource: win7-20230712-en
Behavioral task: behavioral2
- Sample: ccc3d42253e1bf0c78cde794a86c5693.exe
- Resource: win10v2004-20230703-en
Malware Config (extracted)
- redline
- vaga
- 77.91.124.73:19071
- auth_value: 393905212ded984248e8e000e612d4fe
Targets
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)