General
- Target: d9c55523ab287281fb0b8e9638570193fb991e03c3fa62795b2805d3fd41247e
- Size: 826KB
- Sample: 230827-t91q3abf54
- MD5: 117bf634d70e27870b32d2e3b390db61
- SHA1: bcb98ee589428aa941aad060073b11b4e8b6f383
- SHA256: d9c55523ab287281fb0b8e9638570193fb991e03c3fa62795b2805d3fd41247e
- SHA512: 851042e5e92d2cfbc43d8a4d7432753217426bcfb9552301c02933c48d96149798643457a09a37fafff700283cd35f979fdadb6eb624cbbbba567c0157ba0b26
- SSDEEP: 12288:WMr8y905IbwkUlz+VJEFayGDb7mjTvrMTZ9cvLEU958DJSpSoBkDkkN1x1x6w:uyXskUlz1aO/vrMMYWQRoyksxL6w
Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: d9c55523ab287281fb0b8e9638570193fb991e03c3fa62795b2805d3fd41247e.exe
  - Resource: win10-20230703-en
Malware Config (extracted)
- Family: redline
- Botnet: nrava
- C2: 77.91.124.82:19071
- Attributes: auth_value = 43fe50e9ee6afb85588e03ac9676e2f7
Targets
- Target: d9c55523ab287281fb0b8e9638570193fb991e03c3fa62795b2805d3fd41247e
- Size: 826KB
Signatures
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
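The extracted config (C2 77.91.124.82:19071), the file hashes and the "Adds Run key to start application" signature are the parts of this report a defender would actually operationalise. The following is an added example, not part of the tria.ge report or of the RedLine malware: it loads those IOCs and matches them against a handful of constructed endpoint events. The event schema (type, sha256, dst_ip, dst_port, key, op) is an assumed, simplified EDR-style shape, not any vendor's real format, and the RunOnce key is included as a generalisation of the report's Run-key behaviour.

```python
"""Match the IOCs and Run-key behaviour from the tria.ge report against telemetry.

Example code added to this page; not part of the tria.ge report or of RedLine.
The event dict schema below is an assumption (simplified EDR-style events).
"""
from typing import Iterable, List, Optional

# Hashes and C2 copied verbatim from the report above.
SAMPLE_HASHES = {
    "md5": "117bf634d70e27870b32d2e3b390db61",
    "sha1": "bcb98ee589428aa941aad060073b11b4e8b6f383",
    "sha256": "d9c55523ab287281fb0b8e9638570193fb991e03c3fa62795b2805d3fd41247e",
}
C2_ENDPOINTS = {("77.91.124.82", 19071)}  # family redline, botnet "nrava"

# The report maps "Adds Run key to start application" to T1547.001.
# RunOnce is added here as a generalisation of the same technique (assumption).
RUN_KEY_SUFFIXES = (
    "\\software\\microsoft\\windows\\currentversion\\run",
    "\\software\\microsoft\\windows\\currentversion\\runonce",
)


def match_event(event: dict) -> Optional[dict]:
    """Return a hit if one telemetry event matches a report IOC or behaviour, else None."""
    kind = event.get("type")
    if kind == "process":
        # Hash comparison is case-insensitive; EDRs differ in hex casing.
        for algo, known in SAMPLE_HASHES.items():
            if event.get(algo, "").lower() == known:
                return {"event": event, "ioc": f"{algo}:{known}", "technique": None,
                        "reason": "file hash matches the RedLine sample"}
    elif kind == "network":
        try:
            dst = (event.get("dst_ip"), int(event.get("dst_port")))
        except (TypeError, ValueError):
            return None  # malformed port field: no match rather than a crash
        if dst in C2_ENDPOINTS:
            return {"event": event, "ioc": f"{dst[0]}:{dst[1]}", "technique": None,
                    "reason": "connection to the C2 extracted from the RedLine config"}
    elif kind == "registry" and event.get("op") == "set_value":
        key = event.get("key", "").lower().rstrip("\\")
        if key.endswith(RUN_KEY_SUFFIXES):
            # Behavioural, not an IOC: legitimate installers also write here,
            # so baseline before alerting on this alone.
            return {"event": event, "ioc": None, "technique": "T1547.001",
                    "reason": "new autostart value under a Run key"}
    return None


def match_events(events: Iterable[dict]) -> List[dict]:
    """Run match_event over a stream of events and keep only the hits."""
    return [hit for hit in map(match_event, events) if hit is not None]


# Constructed telemetry: three events derived from the report plus two benign ones.
SAMPLE_EVENTS = [
    {"type": "process", "image": "C:\\Users\\user\\Downloads\\invoice.exe",
     "sha256": "D9C55523AB287281FB0B8E9638570193FB991E03C3FA62795B2805D3FD41247E"},
    {"type": "network", "dst_ip": "77.91.124.82", "dst_port": "19071", "proto": "tcp"},
    {"type": "registry", "op": "set_value",
     "key": "HKU\\S-1-5-21-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
     "value": "updater", "data": "C:\\Users\\user\\AppData\\Roaming\\svc.exe"},
    # Same host, different port: not in the extracted config, so no hit.
    {"type": "network", "dst_ip": "77.91.124.82", "dst_port": "443", "proto": "tcp"},
    {"type": "process", "image": "C:\\Windows\\explorer.exe", "sha256": "00" * 32},
]

if __name__ == "__main__":
    for hit in match_events(SAMPLE_EVENTS):
        print(hit["technique"], hit["ioc"], hit["reason"])
```

The hash and C2 matches are exact indicators and can page an analyst directly; the Run-key match is the report's behavioural signature and should be joined with the other two (or with the "Executes dropped EXE" observation) before it is treated as confirmed RedLine activity.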