General
Target: 8267fc2d8fc9f777dd58baf77636ac30180420438ddefb879eee5887b6657194
Size: 742KB
Sample: 230910-kd8mcsfh26
MD5: 6a63998eb6c3f93e1ae2b42def2fad00
SHA1: c88b9e68bce79bc361c68a3412be4d2c2e609289
SHA256: 8267fc2d8fc9f777dd58baf77636ac30180420438ddefb879eee5887b6657194
SHA512: c32353c92ec695e6d902fe5f5e1b48e181fb5e3bf768d4d7acfe24c2306916706551e6ff9dcbe3b1ece707ce81383d311139d4dbc9dfb6a6e948346439efe77d
SSDEEP: 12288:OMrqy906E5Z9oK/FPXDlaHDw9M3P/1bAoU5nGt0Jbn/0l57cDWpU4EHD+r:wyCz9oK/FbCUwX1EouxcYmr
Static task: static1
Behavioral task: behavioral1
Sample: 8267fc2d8fc9f777dd58baf77636ac30180420438ddefb879eee5887b6657194.exe
Resource: win10v2004-20230831-en
Malware Config
Extracted
Family: redline
Botnet: virad
C2: 77.91.124.82:19071
auth_value: 434dd63619ca8bbf10125913fb40ca28
Targets
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)