General
- Target: fbca04734b90a5602dd684cd8208e4fe6c03d49d6ec3dcadc4632c7775320690
- Size: 743KB
- Sample: 230910-kx6bcafh6t
- MD5: b075b104b5a5e7c7eeb5a0efffa5c6e9
- SHA1: 8674d67b9faf1f4d65b0ab687c18a96e47805d05
- SHA256: fbca04734b90a5602dd684cd8208e4fe6c03d49d6ec3dcadc4632c7775320690
- SHA512: 8d019fb981c465007e2168b43e39d14e31cdb524f61f0c3e1f7b8b5ebcd8032fa5c7e502470771fc36d334118595fcf99cd13170a2cf3b37fd40b6234a652dcb
- SSDEEP: 12288:lMrCy90gxO3hmLjmBd/hLK1rqwh3mJq5S1MnGEmm/+W5JOTV/841oiGfwmFxXfXF:bym3hemBVJOOwh3mJqBZzh5JOTh1offb
- Static task: static1
- Behavioral task: behavioral1
- Sample: fbca04734b90a5602dd684cd8208e4fe6c03d49d6ec3dcadc4632c7775320690.exe
- Resource: win10v2004-20230831-en
Malware Config
Extracted
- redline
- virad
- 77.91.124.82:19071
- auth_value: 434dd63619ca8bbf10125913fb40ca28
Targets
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)