Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
23b77ec0633b2c7b87d91d3fbaddfb77cfa092bc49eaa9df40d34e54944b503d
-
Size
1.3MB
-
Sample
230910-kd5wgafh25
-
MD5
c0276f85f562267b52b87e82642956db
-
SHA1
a34185c31839311ac7265b3d585f5f7e0b6d0aaa
-
SHA256
23b77ec0633b2c7b87d91d3fbaddfb77cfa092bc49eaa9df40d34e54944b503d
-
SHA512
3f75d6be382eb459c346b649271dbfccac48b903584efa56e53f5c494ae82efb24a30a5f4b9d08bc406a723d6bd622898fdd3bbdda782aeb08e6d175f440a652
-
SSDEEP
24576:QA8GvbWfy/XudJl0m1wDO3DS64Db6A4eSYnN2sDVh4frj0gV5OMBD9LtEdDgvTsa:oGvyfy/edJl0mCDyDS6WW12N2oLWrLEM
Static task
static1
Behavioral task
behavioral1
Sample
23b77ec0633b2c7b87d91d3fbaddfb77cfa092bc49eaa9df40d34e54944b503d.exe
Resource
win10v2004-20230831-en
Malware Config
Extracted
redline
virad
77.91.124.82:19071
-
auth_value
434dd63619ca8bbf10125913fb40ca28
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Targets
-
-
Target
23b77ec0633b2c7b87d91d3fbaddfb77cfa092bc49eaa9df40d34e54944b503d
-
Size
1.3MB
-
MD5
c0276f85f562267b52b87e82642956db
-
SHA1
a34185c31839311ac7265b3d585f5f7e0b6d0aaa
-
SHA256
23b77ec0633b2c7b87d91d3fbaddfb77cfa092bc49eaa9df40d34e54944b503d
-
SHA512
3f75d6be382eb459c346b649271dbfccac48b903584efa56e53f5c494ae82efb24a30a5f4b9d08bc406a723d6bd622898fdd3bbdda782aeb08e6d175f440a652
-
SSDEEP
24576:QA8GvbWfy/XudJl0m1wDO3DS64Db6A4eSYnN2sDVh4frj0gV5OMBD9LtEdDgvTsa:oGvyfy/edJl0mCDyDS6WW12N2oLWrLEM
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1