General
- Target: JC_2676ca708434b145e84d0e9b16c8e30faa706f5eea9802c4cec9727fb5c6c305
- Size: 829KB
- Sample: 230901-xffqkshb42
- MD5: d86336b7ee0ef9b59c2882c30c948df1
- SHA1: 172b3b44ce68a05d5591bf0230a95e74c15062af
- SHA256: 2676ca708434b145e84d0e9b16c8e30faa706f5eea9802c4cec9727fb5c6c305
- SHA512: 7c577d1cd5c549baf9553bcddab5f3c07624735a02303a9d6a414131e4e97839b9726501dbbadd26d79dfd01b7fc7114039afb56aa0ec51c6b728a6f8b2f0a7f
- SSDEEP: 12288:lMrby90yeLXK0ZLOJmogUxOKDHW4QsCZ7KCmMDrx9jcVt12JXTFmD3jQ0dZ0OaZd:+y8L/O55Qsf+X30UJXTQD3jQ0v34d
Static task: static1

Behavioral task: behavioral1
- Sample: JC_2676ca708434b145e84d0e9b16c8e30faa706f5eea9802c4cec9727fb5c6c305.exe
- Resource: win7-20230831-en

Behavioral task: behavioral2
- Sample: JC_2676ca708434b145e84d0e9b16c8e30faa706f5eea9802c4cec9727fb5c6c305.exe
- Resource: win10v2004-20230831-en
Malware Config (extracted)
- Family: redline
- Botnet: domka
- C2: 77.91.124.82:19071
- auth_value: 74e19436acac85e44d691aebcc617529
Targets
- Target: JC_2676ca708434b145e84d0e9b16c8e30faa706f5eea9802c4cec9727fb5c6c305 (829KB; hashes as listed under General above)

Signatures
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (1): Windows Service (1)