General
Target: 1d38eab4e2889ce0d028c8c33d5126e330d65a727b947a59d66463634b6f1289
Size: 705KB
Sample: 230825-xv5m9aga9v
MD5: e667d67071d3d5b5f3a4436a3d373924
SHA1: caa5d4dfaf43aa2dcd8cd8cf2a202dd9ea403ac8
SHA256: 1d38eab4e2889ce0d028c8c33d5126e330d65a727b947a59d66463634b6f1289
SHA512: ccea9e50b7ee3476d6a850f3f500bea367b0a6ed1b700393677a4cc0a8a4262bb4b6da345ec5fed98b0d7fac1895e234ad2e783ee9eeb2ebe3f183f043220fb7
SSDEEP: 12288:YMrJy90Z4UD72Q//Iigu8ErP1wcFbN81SCbbIR5rKhNcPdKMPDGmxQKFwfl6mFKM:hycD/JntxN81SCbbILGNEKqymxQKal6C
Static task: static1
Behavioral task: behavioral1
Sample: 1d38eab4e2889ce0d028c8c33d5126e330d65a727b947a59d66463634b6f1289.exe
Resource: win10v2004-20230824-en
Malware Config
Extracted: amadey
Version: 3.87
C2: 77.91.68.18/nice/index.php
Extracted: redline
Botnet: jaja
C2: 77.91.124.73:19071
auth_value: 3670179d176ca399ed08e7914610b43c
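The two extracted configurations above are the most actionable part of this report: an Amadey panel reached over HTTP (host plus path, no port in the config) and a RedLine C2 reached as a raw TCP host:port. The script below is an added example, not code from tria.ge or from either malware family. It normalises both C2 forms into indicators and runs them over a few constructed log lines (one Squid-style proxy line, three Zeek-style connection lines; none are real traffic) so that a match on host plus port or path is reported as "exact" while a match on the host alone is reported as "host_only", which is what you get from flow logs that carry no URL or from the C2 host on an unexpected port.

```python
"""Build network IOCs from the Amadey/RedLine config on this page and match
them against log lines.  Added example; not tria.ge or malware-author code."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Values copied from the Malware Config section of this report.
CONFIG = [
    {"family": "amadey", "version": "3.87", "c2": "77.91.68.18/nice/index.php"},
    {"family": "redline", "botnet": "jaja", "c2": "77.91.124.73:19071",
     "auth_value": "3670179d176ca399ed08e7914610b43c"},
]

# Constructed sample log lines (not real traffic): a Squid access-log line and
# three Zeek-style conn records (ts, src ip, src port, dst ip, dst port, proto, state).
SAMPLE_LOG = [
    "1692963905.123  210 10.0.0.15 TCP_MISS/200 612 POST http://77.91.68.18/nice/index.php - HIER_DIRECT/77.91.68.18 text/html",
    "2023-08-25T10:05:06Z 10.0.0.15 49812 77.91.124.73 19071 tcp S1",
    "2023-08-25T10:05:07Z 10.0.0.15 49813 93.184.216.34 443 tcp SF",
    "2023-08-25T10:05:08Z 10.0.0.15 49814 77.91.124.73 80 tcp REJ",
]

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


@dataclass(frozen=True)
class Ioc:
    family: str
    host: str
    port: Optional[int]   # None: config gives no port (HTTP panel)
    path: Optional[str]   # None: config gives no path (raw TCP C2)


def iocs_from_config(config=CONFIG) -> List[Ioc]:
    """Split each C2 string into host, optional port and optional path.
    Handles both 'host/path' (Amadey) and 'host:port' (RedLine) forms."""
    out = []
    for entry in config:
        host_port, slash, path = entry["c2"].partition("/")
        host, _, port = host_port.partition(":")
        out.append(Ioc(entry["family"], host,
                       int(port) if port else None,
                       "/" + path if slash else None))
    return out


def match_line(line: str, iocs: List[Ioc]) -> List[Tuple[str, str]]:
    """Return (family, level) for every IOC whose host appears in the line.
    level is 'exact' when the port (host:port or host<space>port) or the URL
    path from the config is also present, otherwise 'host_only'."""
    hits = []
    ips = set(IPV4.findall(line))
    for ioc in iocs:
        if ioc.host not in ips:
            continue
        level = "exact"
        if ioc.port is not None and not re.search(
                rf"{re.escape(ioc.host)}[:\s]+{ioc.port}\b", line):
            level = "host_only"
        if ioc.path is not None and ioc.path not in line:
            level = "host_only"
        hits.append((ioc.family, level))
    return hits


def scan(lines: List[str], iocs: List[Ioc]) -> List[Tuple[int, str, str]]:
    """Scan a list of log lines; returns (line number, family, level) per hit."""
    return [(n, fam, lvl)
            for n, line in enumerate(lines, 1)
            for fam, lvl in match_line(line, iocs)]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, iocs_from_config()):
        print(hit)   # (1, 'amadey', 'exact'), (2, 'redline', 'exact'), (4, 'redline', 'host_only')
```

Treat "host_only" hits as leads rather than verdicts: the Amadey path and the RedLine port are what distinguish the C2 from any other traffic to a shared host, and both addresses here are bare IPs that can be reassigned.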
Targets
Target: 1d38eab4e2889ce0d028c8c33d5126e330d65a727b947a59d66463634b6f1289
Size: 705KB (MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Create or Modify System Process: Windows Service (1)
- Scheduled Task/Job (1)