General
Target: cfcb8cf5593b3339ca32c152657b9af5163b56ce9f2589dd3ffed2784d617935
Size: 704KB
Sample: 230828-bdws5aec29
MD5: 7182c7a30f59a108aafc949648f86db4
SHA1: 8aa69d4487f925cea0e701018a834e343430b37f
SHA256: cfcb8cf5593b3339ca32c152657b9af5163b56ce9f2589dd3ffed2784d617935
SHA512: 9a541280c7ff94f74686c87003753f08a4368f3f262c587497305d8f8769fd760d646ef345d6a6a2a9028a9f315c182060c25dc9403e051d34705cc5e49ac6ea
SSDEEP: 12288:7Mr7y90YlsyF1BiA4/EqPAwci+jNy7Jg8XqsEPzLvsZe1lPNuig/20SoKLf0Y1hr:Iyhs4TiAwVAPXjAdf7EPzLvsZe1lDU23
Static task: static1
Behavioral task: behavioral1
Sample: cfcb8cf5593b3339ca32c152657b9af5163b56ce9f2589dd3ffed2784d617935.exe
Resource: win10-20230703-en
Malware Config
Extracted: Amadey
Version: 3.87
C2: 77.91.68.18/nice/index.php
Extracted: RedLine
Botnet: stas
C2: 77.91.124.82:19071
auth_value: db6d96c4eade05afc28c31d9ad73a73c
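To make the extracted configs above operational, here is an added example (not part of the tria.ge report) that matches the report's C2 and hash indicators against log lines. Only the indicator values come from the report; the log lines, log formats, field names and family labels are constructed assumptions for illustration. It goes slightly beyond the page by also matching on the bare C2 host, so netflow or DNS records that carry neither the URL path nor the port still surface, while the lookarounds keep a neighbouring address such as 177.91.68.18 from triggering a false hit.

```python
"""Match the C2 and hash indicators from this report against log lines.

Added example: the indicator values are copied from the report; the log
formats, field names and family labels are assumptions for illustration.
"""
import re
from typing import Dict, List, NamedTuple, Tuple

# Indicators copied from the report's Malware Config and hash fields.
REPORT_IOCS: Dict[str, Dict[str, str]] = {
    "amadey": {"c2_url": "77.91.68.18/nice/index.php"},
    "redline": {"c2_socket": "77.91.124.82:19071"},
    "sample": {
        "sha256": "cfcb8cf5593b3339ca32c152657b9af5163b56ce9f2589dd3ffed2784d617935",
        "md5": "7182c7a30f59a108aafc949648f86db4",
    },
}

IPV4 = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")


class Hit(NamedTuple):
    line_no: int
    family: str
    ioc_type: str
    indicator: str


Matcher = Tuple[str, str, re.Pattern]  # (ioc_type, indicator, compiled regex)


def build_matchers(iocs: Dict[str, Dict[str, str]]) -> List[Tuple[str, List[Matcher]]]:
    """Expand each indicator into anchored regexes, most specific first.

    URL and socket C2s also get a host-only matcher so netflow or DNS
    records that carry neither the path nor the port still surface.
    The lookarounds stop 177.91.68.18 from matching 77.91.68.18 and
    stop a longer hex string from matching a hash.
    """
    out: List[Tuple[str, List[Matcher]]] = []
    for family, entries in iocs.items():
        specific: List[Matcher] = []
        hosts: List[Matcher] = []
        for ioc_type, value in entries.items():
            if ioc_type in ("c2_url", "c2_socket"):
                specific.append((ioc_type, value, re.compile(
                    r"(?<![\w.])" + re.escape(value) + r"(?![\w.])", re.I)))
                host = IPV4.match(value)  # both C2s in this report are bare IPv4 literals
                if host:
                    hosts.append(("c2_host", host.group(0), re.compile(
                        r"(?<![\d.])" + re.escape(host.group(0)) + r"(?![\d.])")))
            elif ioc_type in ("md5", "sha1", "sha256", "sha512"):
                specific.append((ioc_type, value, re.compile(
                    r"(?<![0-9a-f])" + re.escape(value) + r"(?![0-9a-f])", re.I)))
        out.append((family, specific + hosts))
    return out


def scan(lines: List[str], iocs: Dict[str, Dict[str, str]] = REPORT_IOCS) -> List[Hit]:
    """Return one Hit per (line, family): the most specific indicator that matched."""
    matchers = build_matchers(iocs)
    hits: List[Hit] = []
    for n, line in enumerate(lines, start=1):
        for family, candidates in matchers:
            for ioc_type, value, rx in candidates:
                if rx.search(line):
                    hits.append(Hit(n, family, ioc_type, value))
                    break  # do not also report the weaker host-only match
    return hits


# Constructed log lines (proxy, connection and Sysmon process-create records);
# not taken from any real environment.
SAMPLE_LOGS = [
    "2023-08-28T01:12:05Z proxy src=10.0.0.15 method=POST url=http://77.91.68.18/nice/index.php status=200",
    "2023-08-28T01:12:07Z conn src=10.0.0.15:51234 dst=77.91.124.82:19071 proto=tcp bytes=4812",
    "2023-08-28T01:12:09Z conn src=10.0.0.15:51240 dst=93.184.216.34:443 proto=tcp bytes=1200",
    "2023-08-28T01:12:11Z conn src=10.0.0.15:51241 dst=177.91.68.18:80 proto=tcp bytes=300",
    "2023-08-28T01:12:13Z conn src=10.0.0.15:51242 dst=77.91.68.18:80 proto=tcp bytes=900",
    "2023-08-28T01:11:58Z sysmon EventID=1 Image=C:\\Users\\victim\\AppData\\Local\\Temp\\file.exe "
    "Hashes=MD5=7182C7A30F59A108AAFC949648F86DB4,SHA256=CFCB8CF5593B3339CA32C152657B9AF5163B56CE9F2589DD3FFED2784D617935",
]

if __name__ == "__main__":
    for h in scan(SAMPLE_LOGS):
        print(f"line {h.line_no}: {h.family} {h.ioc_type} {h.indicator}")
```

Run as a script it reports four hits: the Amadey check-in URL on line 1, the RedLine socket on line 2, a host-only match for the Amadey C2 on line 5 (different port, so only the address matched), and the sample's SHA256 on line 6 despite the upper-case hash in the Sysmon record. Line 4, which contacts 177.91.68.18, produces nothing.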
Targets
Target: cfcb8cf5593b3339ca32c152657b9af5163b56ce9f2589dd3ffed2784d617935 (704KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures:
- Detects Healer, an antivirus-disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
- Scheduled Task/Job (1)