General
- Target: JC_a9a1ce32e9ea314a5b78ab6f119cde9331b7b77e13b205ef50050eb298c5ac94
- Size: 829KB
- Sample: 230902-pakhksda75
- MD5: 66fd8603446bca9eac3c199c2cb75540
- SHA1: e6ab59135af3a8cbcdad32357085d132d0d40339
- SHA256: a9a1ce32e9ea314a5b78ab6f119cde9331b7b77e13b205ef50050eb298c5ac94
- SHA512: 9d97aada3d05d01c2ecdb2ad2e2828f674d74de26c1edfe9a1c7961b2a3619566c8e92213ae7cac4ce7a51f0ed192074d320fc0a619e88d8096240a299330a23
- SSDEEP: 12288:uMrdy90Lq2eBlXwW/f53iLY8gygcSrMRRy5NO4n4mVH2fa8c4XHnyl8tdi2l/87:7ycG9w6f1T8g3MLy5NPpvQ1tdi2lO
Static task: static1
Behavioral task: behavioral1
- Sample: JC_a9a1ce32e9ea314a5b78ab6f119cde9331b7b77e13b205ef50050eb298c5ac94.exe
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: JC_a9a1ce32e9ea314a5b78ab6f119cde9331b7b77e13b205ef50050eb298c5ac94.exe
- Resource: win10v2004-20230831-en
Malware Config
Extracted
redline
bobik
77.91.124.82:19071
- auth_value: d639522ae3c9dda998264d691a19eb33
Targets
- Target: JC_a9a1ce32e9ea314a5b78ab6f119cde9331b7b77e13b205ef50050eb298c5ac94
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)