Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2d9ca96b41ffce9394e57c3aad6bc9eecc473a0b6a6a2655193fb5eb796ac9bb
-
Size
929KB
-
Sample
230830-a3a3aabh5x
-
MD5
0d8297ec2033094e78713250a9220035
-
SHA1
cd37241dba9fc9e3dddc194be939abec1fb5730a
-
SHA256
2d9ca96b41ffce9394e57c3aad6bc9eecc473a0b6a6a2655193fb5eb796ac9bb
-
SHA512
c77a42c3f9310a8d250e5717ebf6153e373463adb722160f9ca62f3c1351c0e4048f3cd5f44db7222db3d39d345eada5686c0be3041c0cf0cbf44d38b56946b5
-
SSDEEP
24576:zy/4V6xkaHDy0n/Y9lvJMIaCV+pzE4ICw:GbxB/Y9IIaCV+pzE4
Static task
static1
Behavioral task
behavioral1
Sample
2d9ca96b41ffce9394e57c3aad6bc9eecc473a0b6a6a2655193fb5eb796ac9bb.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
redline
sruta
77.91.124.82:19071
-
auth_value
c556edcd49703319eca74247de20c236
Targets
-
-
Target
2d9ca96b41ffce9394e57c3aad6bc9eecc473a0b6a6a2655193fb5eb796ac9bb
-
Size
929KB
-
MD5
0d8297ec2033094e78713250a9220035
-
SHA1
cd37241dba9fc9e3dddc194be939abec1fb5730a
-
SHA256
2d9ca96b41ffce9394e57c3aad6bc9eecc473a0b6a6a2655193fb5eb796ac9bb
-
SHA512
c77a42c3f9310a8d250e5717ebf6153e373463adb722160f9ca62f3c1351c0e4048f3cd5f44db7222db3d39d345eada5686c0be3041c0cf0cbf44d38b56946b5
-
SSDEEP
24576:zy/4V6xkaHDy0n/Y9lvJMIaCV+pzE4ICw:GbxB/Y9IIaCV+pzE4
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1