General

Target: 2b752caeb4c4d5d3d976a4f18bdbbe85a9d33e45248c42e9804a0e0a0be474ec
Size: 923KB
Sample: 230901-g7k7dach9z
MD5: 2a95892752ce9221e0e4dda530746b24
SHA1: 2df82dcd76c16bc7b30d6052d89e65bc17548365
SHA256: 2b752caeb4c4d5d3d976a4f18bdbbe85a9d33e45248c42e9804a0e0a0be474ec
SHA512: 6d6c44f6b4dfbc90923d12fbc30ebf9b087dd7286b352f2cd16c29fa812ce2f646f7462ef88547f749c152c85cae5a6a3856580f20c1ccc6d89b839db8825563
SSDEEP: 24576:OywszlydSyTFkcjPgdLPz2f6ay8NpY2z1B74Ec8aos:dkhFzP+LPD38NpY2JF4Ec8a
Static task: static1

Behavioral task: behavioral1
Sample: 2b752caeb4c4d5d3d976a4f18bdbbe85a9d33e45248c42e9804a0e0a0be474ec.exe
Resource: win10-20230831-en
Malware Config

Extracted
Family: redline
Botnet: jang
C2: 77.91.124.82:19071
auth_value: 662102010afcbe9e22b13116b1c1a088
Targets

Target: 2b752caeb4c4d5d3d976a4f18bdbbe85a9d33e45248c42e9804a0e0a0be474ec
Size: 923KB
MD5: 2a95892752ce9221e0e4dda530746b24
SHA1: 2df82dcd76c16bc7b30d6052d89e65bc17548365
SHA256: 2b752caeb4c4d5d3d976a4f18bdbbe85a9d33e45248c42e9804a0e0a0be474ec
SHA512: 6d6c44f6b4dfbc90923d12fbc30ebf9b087dd7286b352f2cd16c29fa812ce2f646f7462ef88547f749c152c85cae5a6a3856580f20c1ccc6d89b839db8825563
SSDEEP: 24576:OywszlydSyTFkcjPgdLPz2f6ay8NpY2z1B74Ec8aos:dkhFzP+LPD38NpY2JF4Ec8a

Signatures
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)