General
Target: 21931e9b46dc5a9929cf82f9f851203882eac493f7dc33429e1c40cb1b75305b
Size: 829KB
Sample: 230902-h1jweabf52
MD5: 57db2ae32f4f19b342c42f145da41fe9
SHA1: 827e839cdbda5d4ad5ddf125616853cd3c84d516
SHA256: 21931e9b46dc5a9929cf82f9f851203882eac493f7dc33429e1c40cb1b75305b
SHA512: b2bde8152a54c4dd5fb337fc8653d4ddda16beb5fc74688c81d16c3c14009a493d5159265c106e5249e8d8061b6e8947b0977f9fd0e71db257d54dd52d18e3c3
SSDEEP: 12288:cMr7y90mXuvntJ0i4oRtKqeTLwMGJ0+msG2PUqRe1g6vEYWdJwRuz1d:fy3XuPLOoqVIM3sGEUUHdJSc1d
Static task: static1
Behavioral task: behavioral1
Sample: 21931e9b46dc5a9929cf82f9f851203882eac493f7dc33429e1c40cb1b75305b.exe
Resource: win10v2004-20230831-en
Malware Config (extracted)
Family: redline
Botnet: bobik
C2: 77.91.124.82:19071
auth_value: d639522ae3c9dda998264d691a19eb33
Targets
Signatures
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)