General

Target: 594d73971666fa3abbfd0bf25b0ce18dcf95f1dee60ca7bf31d577b0a9da55cd
Size: 744KB
Sample: 230910-q1cq4ahe3x
MD5: 2c34a2398d16f17aa19cd83154203cf6
SHA1: fb4f06fc0b9260279a0f93eeb25031d178fd43c0
SHA256: 594d73971666fa3abbfd0bf25b0ce18dcf95f1dee60ca7bf31d577b0a9da55cd
SHA512: 670c6c71f9310dcef250c3e4e2b1643f71a519943e4b2a6fc8f3a51175dab1fad37baa9fde800cb304e70692d8dc010d400c5fadc971f293f4672379724d360c
SSDEEP: 12288:rMrwy90ioVxgH7XtXcNq5wLo6t2Mebkz8WLhza8cwhIMmaxgsK3kla53J1X0U:3y0YXtXcNPUo2bkLz5c4v+kli3fX0U
Static task: static1
Behavioral task: behavioral1
Sample: 594d73971666fa3abbfd0bf25b0ce18dcf95f1dee60ca7bf31d577b0a9da55cd.exe
Resource: win10v2004-20230831-en
Malware Config

Extracted
Family: redline
Botnet: virad
C2: 77.91.124.82:19071
auth_value: 434dd63619ca8bbf10125913fb40ca28
Targets

Target: 594d73971666fa3abbfd0bf25b0ce18dcf95f1dee60ca7bf31d577b0a9da55cd (744KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures

- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1 hit): Registry Run Keys / Startup Folder (1 hit), T1547.001
- Create or Modify System Process (1 hit): Windows Service (1 hit), T1543.003
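The indicators above (sample hashes, the extracted C2 endpoint, and the Run-key and service persistence techniques) are what a detection engineer would turn into a hunt. The following is an added example, not tria.ge's code and not part of the report: it matches Sysmon-style events against those indicators. The event records are constructed for the example (field names follow Sysmon's schema for Event IDs 1, 3 and 13; the image paths, SIDs and value names are made up), the technique IDs T1547.001 and T1543.003 are the Enterprise ATT&CK IDs for the techniques the report lists, and the service-key check is an assumption about where a "Windows Service" persistence write would land.

```python
"""Match Sysmon-style events against the IOCs from the tria.ge report above.

Event records in SAMPLE_LOG are constructed for this example; only the hash,
C2 address and port come from the report.
"""
import json

# Indicators copied from the report.
SAMPLE_SHA256 = "594d73971666fa3abbfd0bf25b0ce18dcf95f1dee60ca7bf31d577b0a9da55cd"
SAMPLE_MD5 = "2c34a2398d16f17aa19cd83154203cf6"
C2_IP, C2_PORT = "77.91.124.82", 19071

# Persistence locations for the two techniques the report maps (IDs from Enterprise ATT&CK).
RUN_KEY = "\\microsoft\\windows\\currentversion\\run\\"
SERVICES_KEY = "\\currentcontrolset\\services\\"  # assumption: service persistence writes ImagePath here
TECHNIQUES = {
    "run_key": "T1547.001 Registry Run Keys / Startup Folder",
    "service": "T1543.003 Windows Service",
}


def parse_hashes(field):
    """Sysmon's Hashes field looks like 'MD5=...,SHA256=...,IMPHASH=...'."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            k, v = part.split("=", 1)
            out[k.strip().upper()] = v.strip().lower()
    return out


def check_event(ev):
    """Return a list of (indicator, detail) hits for one event; [] if clean."""
    hits = []
    eid = ev.get("EventID")
    if eid == 1:  # process create: compare the image's hashes against the sample
        h = parse_hashes(ev.get("Hashes", ""))
        if h.get("SHA256") == SAMPLE_SHA256 or h.get("MD5") == SAMPLE_MD5:
            hits.append(("sample_hash", ev.get("Image", "")))
    elif eid == 3:  # network connection: compare against the extracted C2 endpoint
        if ev.get("DestinationIp") == C2_IP and int(ev.get("DestinationPort", 0)) == C2_PORT:
            hits.append(("c2", f"{ev.get('Image', '')} -> {C2_IP}:{C2_PORT}"))
    elif eid == 13:  # registry value set: persistence locations
        target = ev.get("TargetObject", "")
        low = target.lower()
        if RUN_KEY in low:
            hits.append((TECHNIQUES["run_key"], target))
        elif SERVICES_KEY in low and low.endswith("\\imagepath"):
            hits.append((TECHNIQUES["service"], target))
    return hits


def scan(events):
    """Scan an iterable of event dicts; return [(record_index, indicator, detail), ...]."""
    findings = []
    for i, ev in enumerate(events):
        for ind, detail in check_event(ev):
            findings.append((i, ind, detail))
    return findings


def load_events(text):
    """Parse JSON-lines export into event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


# Constructed JSON-lines export (values other than the IOCs are invented).
SAMPLE_LOG = r"""
{"EventID": 1, "Image": "C:\\Users\\user\\Downloads\\invoice.exe", "Hashes": "MD5=2C34A2398D16F17AA19CD83154203CF6,SHA256=594D73971666FA3ABBFD0BF25B0CE18DCF95F1DEE60CA7BF31D577B0A9DA55CD"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\notepad.exe", "Hashes": "SHA256=0000000000000000000000000000000000000000000000000000000000000000"}
{"EventID": 13, "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater", "Details": "C:\\Users\\user\\AppData\\Local\\updater.exe"}
{"EventID": 3, "Image": "C:\\Users\\user\\AppData\\Local\\updater.exe", "DestinationIp": "77.91.124.82", "DestinationPort": 19071}
{"EventID": 3, "Image": "C:\\Windows\\System32\\svchost.exe", "DestinationIp": "77.91.124.82", "DestinationPort": 443}
"""

if __name__ == "__main__":
    for idx, ind, detail in scan(load_events(SAMPLE_LOG)):
        print(f"record {idx}: {ind}: {detail}")
```

Hash comparison is case-normalised because Sysmon emits upper-case hex while the report lists lower-case; the C2 match requires both IP and port so that unrelated traffic to the same host (record 4 above) is not flagged.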