Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
JC_dee6b248820a13f72f772958cfc8d3c642f3f536e1c23273fd92526e8d08a84c
-
Size
826KB
-
Sample
230901-yj4r9ahf59
-
MD5
47c2c9104941b7a59626e84048763c75
-
SHA1
b1f506c4fb8898f81a47ccc052b5528f27283d7b
-
SHA256
dee6b248820a13f72f772958cfc8d3c642f3f536e1c23273fd92526e8d08a84c
-
SHA512
580dcc9c63146e46f7c2119c8dfe786a7fc3c42dc8e7900f927877b40ea44bfdc3c187a32dd658810a9b04a560e79024f6446752007eea20df503c419508cf14
-
SSDEEP
24576:Zydz4XOiWFAriGOMDcA/huO53yNh9DgC3V:MdznFrADuttkC
Static task
static1
Behavioral task
behavioral1
Sample
JC_dee6b248820a13f72f772958cfc8d3c642f3f536e1c23273fd92526e8d08a84c.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
JC_dee6b248820a13f72f772958cfc8d3c642f3f536e1c23273fd92526e8d08a84c.exe
Resource
win10v2004-20230831-en
Malware Config
Extracted
redline
domka
77.91.124.82:19071
-
auth_value
74e19436acac85e44d691aebcc617529
Targets
-
-
Target
JC_dee6b248820a13f72f772958cfc8d3c642f3f536e1c23273fd92526e8d08a84c
-
Size
826KB
-
MD5
47c2c9104941b7a59626e84048763c75
-
SHA1
b1f506c4fb8898f81a47ccc052b5528f27283d7b
-
SHA256
dee6b248820a13f72f772958cfc8d3c642f3f536e1c23273fd92526e8d08a84c
-
SHA512
580dcc9c63146e46f7c2119c8dfe786a7fc3c42dc8e7900f927877b40ea44bfdc3c187a32dd658810a9b04a560e79024f6446752007eea20df503c419508cf14
-
SSDEEP
24576:Zydz4XOiWFAriGOMDcA/huO53yNh9DgC3V:MdznFrADuttkC
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1