Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
882bff0ac83efac81e23017cb9dd74381637546b6c36c03f81852bd0cedb6ef0
-
Size
1.3MB
-
Sample
230910-myxrpsge76
-
MD5
ba50d32199c3119f00e754fd73bd77c9
-
SHA1
440e1ced4c69d11eb28efc277bfe0c053d97cd71
-
SHA256
882bff0ac83efac81e23017cb9dd74381637546b6c36c03f81852bd0cedb6ef0
-
SHA512
8fff9acb1322ed67402224cb449f1f18d59527531d05cfbba0172955be34ec1da510c195dc47a19adcbd16b06f38d9b16fe9f073730dd722a3275d9cbc565fc8
-
SSDEEP
24576:wCIv6xXucXTu222Jz5csQjBPB+nEwTcg0QCyQcTP3jjDGrAz0lbRvtK5J:/Iv6IcXV5csQdiAg0QCyQefjjOAz0Dsn
Static task
static1
Behavioral task
behavioral1
Sample
882bff0ac83efac81e23017cb9dd74381637546b6c36c03f81852bd0cedb6ef0.exe
Resource
win10v2004-20230831-en
Malware Config
Extracted
redline
virad
77.91.124.82:19071
-
auth_value
434dd63619ca8bbf10125913fb40ca28
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Targets
-
-
Target
882bff0ac83efac81e23017cb9dd74381637546b6c36c03f81852bd0cedb6ef0
-
Size
1.3MB
-
MD5
ba50d32199c3119f00e754fd73bd77c9
-
SHA1
440e1ced4c69d11eb28efc277bfe0c053d97cd71
-
SHA256
882bff0ac83efac81e23017cb9dd74381637546b6c36c03f81852bd0cedb6ef0
-
SHA512
8fff9acb1322ed67402224cb449f1f18d59527531d05cfbba0172955be34ec1da510c195dc47a19adcbd16b06f38d9b16fe9f073730dd722a3275d9cbc565fc8
-
SSDEEP
24576:wCIv6xXucXTu222Jz5csQjBPB+nEwTcg0QCyQcTP3jjDGrAz0lbRvtK5J:/Iv6IcXV5csQdiAg0QCyQefjjOAz0Dsn
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1