General
Target: 7654cf704f1123ff992c978a118d52afaef4394970bfac2ededc1f2fb197ffa2
Size: 705KB
Sample: 230828-d4bxrahb6x
MD5: 4e8e8c50e37b202e6aab7b15c133a7bc
SHA1: 5c517b4878c91ccb4da509be49eeccf3fc24364c
SHA256: 7654cf704f1123ff992c978a118d52afaef4394970bfac2ededc1f2fb197ffa2
SHA512: ae0bb172eb5b6ed1464dcebf25c91c6718de747f391d53937e929d78ee185eae3d6926492ed7252d27f90d508ff40d3ad3dcfff518fc14b6ec96767360d4edd7
SSDEEP: 12288:ZMrny9044SidEzVCvwHxIJjzKPfKImB6ce5AMl8DaDUbpCO/yBneQyfl9/e:eyN4SiWGIIpzyfLxl8DpBfFfL2
Static task: static1
Behavioral task: behavioral1
Sample: 7654cf704f1123ff992c978a118d52afaef4394970bfac2ededc1f2fb197ffa2.exe
Resource: win10v2004-20230703-en
Malware Config
Extracted
Family: amadey
Version: 3.87
C2: 77.91.68.18/nice/index.php
Extracted
Family: redline
Botnet: stas
C2: 77.91.124.82:19071
auth_value: db6d96c4eade05afc28c31d9ad73a73c
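The sample hashes and the two extracted C2 endpoints above are the actionable indicators in this report. As an added example, not part of the tria.ge report or of any sandbox tooling, the Python below turns them into a small hunt: it hashes candidate files and compares them with the report's digests (preferring SHA-256 over MD5, which is collision-prone), and it scans proxy and flow log lines for the Amadey panel path and the RedLine host:port, rating a bare-IP match lower than a full match because a C2 address may carry unrelated traffic on other ports. The log lines are constructed for the example; only the hashes and C2 strings come from the report.

```python
"""IOC matching helpers built from the indicators in this report.

The hashes and C2 strings below are copied from the report; the log lines
are constructed for the example and are not sandbox output.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Sample hashes as listed in the report.
SAMPLE_HASHES = {
    "md5": "4e8e8c50e37b202e6aab7b15c133a7bc",
    "sha1": "5c517b4878c91ccb4da509be49eeccf3fc24364c",
    "sha256": "7654cf704f1123ff992c978a118d52afaef4394970bfac2ededc1f2fb197ffa2",
}
# Extracted C2s: Amadey 3.87 panel path and the RedLine "stas" endpoint.
AMADEY_C2 = "77.91.68.18/nice/index.php"
REDLINE_C2 = "77.91.124.82:19071"

# IPv4 address with an optional :port suffix.
IP_PORT = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})(?::(\d{1,5}))?\b")


def c2_indicators():
    """Split the raw C2 strings into (host, path) for Amadey and (host, port) for RedLine."""
    amadey_host, _, amadey_path = AMADEY_C2.partition("/")
    redline_host, _, redline_port = REDLINE_C2.partition(":")
    return {"amadey": (amadey_host, "/" + amadey_path),
            "redline": (redline_host, int(redline_port))}


def hash_bytes(data):
    """md5/sha1/sha256 of an in-memory blob, keyed like SAMPLE_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def hash_file(path, chunk_size=1 << 16):
    """Same digests for a file on disk, read in chunks so large files are fine."""
    digests = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def matches_sample(hashes):
    """Compare on the strongest digest available; MD5 only counts when nothing stronger is present."""
    for name in ("sha256", "sha1", "md5"):
        if name in hashes:
            return hashes[name].lower() == SAMPLE_HASHES[name]
    return False


def scan_logs(lines):
    """Flag log lines that touch the extracted C2s.

    A URL with the panel path or a host:port match is 'high'; a bare IP match
    is 'low', because the same address may serve other ports or other traffic.
    """
    c2 = c2_indicators()
    amadey_host, amadey_path = c2["amadey"]
    redline_host, redline_port = c2["redline"]
    hits = []
    for line in lines:
        found = {}
        for url in re.findall(r"https?://[^\s\"']+", line):
            parts = urlsplit(url)
            if parts.hostname == amadey_host:
                found["amadey"] = "high" if parts.path == amadey_path else "low"
        for ip, port in IP_PORT.findall(line):
            if ip == redline_host:
                conf = "high" if port == str(redline_port) else "low"
                if conf == "high" or "redline" not in found:
                    found["redline"] = conf
            elif ip == amadey_host:
                found.setdefault("amadey", "low")  # IP seen without the panel path
        hits.extend({"family": fam, "confidence": conf, "line": line}
                    for fam, conf in found.items())
    return hits


# Constructed proxy and flow records (not from the sandbox run) for the demo.
SAMPLE_LOGS = [
    "2023-08-28T13:01:02Z proxy src=10.0.0.15 method=POST url=http://77.91.68.18/nice/index.php status=200",
    "2023-08-28T13:01:05Z proxy src=10.0.0.15 method=GET url=http://example.com/ status=200",
    "2023-08-28T13:02:10Z flow src=10.0.0.15:51234 dst=77.91.124.82:19071 proto=tcp bytes=4096",
    "2023-08-28T13:02:11Z flow src=10.0.0.15:51235 dst=77.91.124.82:443 proto=tcp bytes=512",
]

if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS):
        print(f"{hit['family']:8} {hit['confidence']:5} {hit['line']}")
```

Run against real telemetry, `hash_file()` is the function to point at quarantined files and `scan_logs()` at exported proxy or NetFlow records; the low-confidence matches are worth keeping as context rather than dropping, since RedLine and Amadey operators rotate ports more often than addresses.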
Targets
Target: 7654cf704f1123ff992c978a118d52afaef4394970bfac2ededc1f2fb197ffa2
Size: 705KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
  Scheduled Task/Job (T1053): 1
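The "Adds Run key to start application" signature and the Registry Run Keys / Startup Folder mapping above both describe the same persistence mechanism. As an added example, not taken from the report, the Python below is the check a detection engineer would run over Sysmon Event ID 13 (RegistryEvent, value set) records: it isolates value writes directly under CurrentVersion\Run or \RunOnce and raises severity when the launched binary lives in a user-writable directory, which is where a dropper's payload normally ends up. The events, the value name "Updater" and the file paths are constructed for the example; the report states only that a Run key was added, not which key or value.

```python
"""Registry Run-key persistence detection over Sysmon-style events.

Sysmon Event ID 13 (RegistryEvent, value set) carries Image, TargetObject and
Details. The events below are constructed for the example; they are not the
sandbox's telemetry and the value/file names are hypothetical.
"""
import re

# Values written directly under ...\CurrentVersion\Run or \RunOnce (HKLM or HKU).
RUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$",
    re.IGNORECASE,
)
# Launch paths in user-writable locations; a rough stand-in for a signer check.
USER_WRITABLE = re.compile(
    r"\\(AppData|Temp|ProgramData|Users\\Public|Downloads)\\", re.IGNORECASE
)


def extract_launch_path(details):
    """Pull the executable path out of a Run value ('"C:\\x y.exe" /arg' or 'C:\\x.exe /arg')."""
    details = details.strip()
    if details.startswith('"'):
        end = details.find('"', 1)
        return details[1:end] if end > 0 else details[1:]
    return details.split(" ")[0]


def find_run_key_persistence(events):
    """Return Run/RunOnce value writes, scored by where the launched binary lives."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 13:          # only value-set events carry Details
            continue
        if not RUN_KEY.search(ev.get("TargetObject", "")):
            continue
        launch = extract_launch_path(ev.get("Details", ""))
        severity = "high" if USER_WRITABLE.search(launch) else "info"
        findings.append({
            "severity": severity,
            "writer": ev.get("Image", ""),   # process that set the value
            "key": ev["TargetObject"],
            "launch": launch,
        })
    return findings


# Constructed events: one dropper-style Run value, one benign installer write,
# one key creation (EventID 12, ignored) and one unrelated value under Explorer.
SYSMON_EVENTS = [
    {"EventID": 13,
     "Image": r"C:\Users\bob\AppData\Local\Temp\dropper.exe",
     "TargetObject": r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r'"C:\Users\bob\AppData\Local\Temp\upd.exe" /silent'},
    {"EventID": 13,
     "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "Details": r"C:\Windows\System32\SecurityHealthSystray.exe"},
    {"EventID": 12,
     "Image": r"C:\Users\bob\AppData\Local\Temp\dropper.exe",
     "TargetObject": r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001\Software\Microsoft\Windows\CurrentVersion\Run"},
    {"EventID": 13,
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for f in find_run_key_persistence(SYSMON_EVENTS):
        print(f"[{f['severity']}] {f['writer']} -> {f['key']} = {f['launch']}")
```

Two caveats for production use: Sysmon only emits Event ID 13 for these keys if its configuration includes a RegistryEvent rule covering CurrentVersion\Run, and the other two persistence techniques the report maps (Windows Service, Scheduled Task/Job) need different sources (System log 7045, Security log 4698) and are not covered by this check.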