Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
e538197b7b5154f17ffc93b45cfbc82b7065ed16e2767.exe
-
Size
704KB
-
Sample
230827-fnjc1ahe4v
-
MD5
73337423e405c3c0b71629c63c6f6cfd
-
SHA1
539742b03de3ff3740a3d8d743ec9714904cd047
-
SHA256
e538197b7b5154f17ffc93b45cfbc82b7065ed16e27679d52b4c23bff5457297
-
SHA512
08c84adacd15ba0172eef4096ef71d79666c2fae999ed76c6fc010c7ddf8cfa2cba19a0dc50f6ee989838509afd0ee5e67242696b8315b4e6be450ccd839a47a
-
SSDEEP
12288:hMrHy90j/L2EvY/JCfPeltFzHxjSGFJ7CnJYrHT9UmdcHtJj+nVPGK3R9dwuUP:myoL2EvYRC3elPrZzenJYrKmdcHTGRYP
Static task
static1
Behavioral task
behavioral1
Sample
e538197b7b5154f17ffc93b45cfbc82b7065ed16e2767.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
e538197b7b5154f17ffc93b45cfbc82b7065ed16e2767.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
amadey
3.87
77.91.68.18/nice/index.php
Extracted
redline
nrava
77.91.124.82:19071
-
auth_value
43fe50e9ee6afb85588e03ac9676e2f7
Targets
-
-
Target
e538197b7b5154f17ffc93b45cfbc82b7065ed16e2767.exe
-
Size
704KB
-
MD5
73337423e405c3c0b71629c63c6f6cfd
-
SHA1
539742b03de3ff3740a3d8d743ec9714904cd047
-
SHA256
e538197b7b5154f17ffc93b45cfbc82b7065ed16e27679d52b4c23bff5457297
-
SHA512
08c84adacd15ba0172eef4096ef71d79666c2fae999ed76c6fc010c7ddf8cfa2cba19a0dc50f6ee989838509afd0ee5e67242696b8315b4e6be450ccd839a47a
-
SSDEEP
12288:hMrHy90j/L2EvY/JCfPeltFzHxjSGFJ7CnJYrHT9UmdcHtJj+nVPGK3R9dwuUP:myoL2EvYRC3elPrZzenJYrKmdcHTGRYP
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1