Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
JC_02f0f132b68c38044899da2b43418236feb95297deb30d2be16a32a83863f3e1
-
Size
929KB
-
Sample
230902-mefn3scb46
-
MD5
c8f489dc96ecac12d54b8258422d31d7
-
SHA1
d8a1ccc703fb05ac04d2d5dea72db916628c92bf
-
SHA256
02f0f132b68c38044899da2b43418236feb95297deb30d2be16a32a83863f3e1
-
SHA512
de54275118329d03f696d35556c56af3895a184cbe6fbca68c6a28bdd954114247d232b94f22be0efe68eaa506bcfbf36779d93ddbe1d9e42eb765c52806d051
-
SSDEEP
24576:gyBAtj3cgYsLCqD48Aad6Z4yEOFzpoMOIS:nMQILfMPZQOHOI
Static task
static1
Behavioral task
behavioral1
Sample
JC_02f0f132b68c38044899da2b43418236feb95297deb30d2be16a32a83863f3e1.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
JC_02f0f132b68c38044899da2b43418236feb95297deb30d2be16a32a83863f3e1.exe
Resource
win10v2004-20230831-en
Malware Config
Extracted
redline
bobik
77.91.124.82:19071
-
auth_value
d639522ae3c9dda998264d691a19eb33
Targets
-
-
Target
JC_02f0f132b68c38044899da2b43418236feb95297deb30d2be16a32a83863f3e1
-
Size
929KB
-
MD5
c8f489dc96ecac12d54b8258422d31d7
-
SHA1
d8a1ccc703fb05ac04d2d5dea72db916628c92bf
-
SHA256
02f0f132b68c38044899da2b43418236feb95297deb30d2be16a32a83863f3e1
-
SHA512
de54275118329d03f696d35556c56af3895a184cbe6fbca68c6a28bdd954114247d232b94f22be0efe68eaa506bcfbf36779d93ddbe1d9e42eb765c52806d051
-
SSDEEP
24576:gyBAtj3cgYsLCqD48Aad6Z4yEOFzpoMOIS:nMQILfMPZQOHOI
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1