General
- Target: ac7c2a321198c7727efa33dad41d910f.exe
- Size: 929KB
- Sample: 230827-jmn4msgb63
- MD5: ac7c2a321198c7727efa33dad41d910f
- SHA1: 4233a6efbaaf30b1ea9ad8cf35034747c429e145
- SHA256: 92d0f994eca55a5b0f90fb99a3dc85cc566ae426cb5f568b2b2a4e08f5cf540a
- SHA512: 46f53e9e15d4af7259187e70f02632de01a2a6cd811f6e085bb0d72517359e573fc0b092420af1a67628d95e224803cb1466674fe4310e86099f7559795c827c
- SSDEEP: 12288:2MrBy900v3//il7T/kDEPQdLnUkx1/Mf4TDsgQppEkw7JBtEkij79HvC13ndKhf:7yfG2cQdLnp4VPpoKhf
Static task: static1
Behavioral task: behavioral1
- Sample: ac7c2a321198c7727efa33dad41d910f.exe
- Resource: win7-20230712-en
Behavioral task: behavioral2
- Sample: ac7c2a321198c7727efa33dad41d910f.exe
- Resource: win10v2004-20230703-en
Malware Config
Extracted
- Family: redline
- Botnet: nrava
- C2: 77.91.124.82:19071
- auth_value: 43fe50e9ee6afb85588e03ac9676e2f7
Targets
- Target: ac7c2a321198c7727efa33dad41d910f.exe
- Size: 929KB
- MD5: ac7c2a321198c7727efa33dad41d910f
- SHA1: 4233a6efbaaf30b1ea9ad8cf35034747c429e145
- SHA256: 92d0f994eca55a5b0f90fb99a3dc85cc566ae426cb5f568b2b2a4e08f5cf540a
- SHA512: 46f53e9e15d4af7259187e70f02632de01a2a6cd811f6e085bb0d72517359e573fc0b092420af1a67628d95e224803cb1466674fe4310e86099f7559795c827c
- SSDEEP: 12288:2MrBy900v3//il7T/kDEPQdLnUkx1/Mf4TDsgQppEkw7JBtEkij79HvC13ndKhf:7yfG2cQdLnp4VPpoKhf

Signatures
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)