Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
ee36d54ef8ac7ca3067f3f047c3e95727a6af2a82f77c499e889b5eebbe8da30
-
Size
929KB
-
Sample
230828-jfabxaha59
-
MD5
bca07a88549aa5b88e6e6a96ae7ec882
-
SHA1
ed0efc2c39acd1d53fdd19a7a7f6bc539d4a7734
-
SHA256
ee36d54ef8ac7ca3067f3f047c3e95727a6af2a82f77c499e889b5eebbe8da30
-
SHA512
defb4bb770520e7756f2d2ce048881645c21afb511ee312c842df8d9bc8979a7158e552f36cb9c9966c94a683d5c74f3da5ea7b29db9a6f26ef2f4c25f1b22f9
-
SSDEEP
24576:Vy/MmzTGgUANylM0LN4d5q0iRh9MMdr1b7duQtz3UeB45CsfU:w/MYzUAYtqdk1Rh9MMLbd3Wg
Static task
static1
Behavioral task
behavioral1
Sample
ee36d54ef8ac7ca3067f3f047c3e95727a6af2a82f77c499e889b5eebbe8da30.exe
Resource
win10-20230703-en
Malware Config
Extracted
redline
stas
77.91.124.82:19071
-
auth_value
db6d96c4eade05afc28c31d9ad73a73c
Targets
-
-
Target
ee36d54ef8ac7ca3067f3f047c3e95727a6af2a82f77c499e889b5eebbe8da30
-
Size
929KB
-
MD5
bca07a88549aa5b88e6e6a96ae7ec882
-
SHA1
ed0efc2c39acd1d53fdd19a7a7f6bc539d4a7734
-
SHA256
ee36d54ef8ac7ca3067f3f047c3e95727a6af2a82f77c499e889b5eebbe8da30
-
SHA512
defb4bb770520e7756f2d2ce048881645c21afb511ee312c842df8d9bc8979a7158e552f36cb9c9966c94a683d5c74f3da5ea7b29db9a6f26ef2f4c25f1b22f9
-
SSDEEP
24576:Vy/MmzTGgUANylM0LN4d5q0iRh9MMdr1b7duQtz3UeB45CsfU:w/MYzUAYtqdk1Rh9MMLbd3Wg
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1