General
Target: x2882564.exe
Size: 776KB
Sample: 231012-qwc63aec99
MD5: b486e1aa15200a93443df9fcb1098c5e
SHA1: ce2512432ef7f497863052da77f53cd1a827d86a
SHA256: d489bb16bad16af7c57f9852a491fb82e94a9ab007fa85336ab33ca83773d893
SHA512: 423c73cf5f708e75faf6fdd406088ecb717639b503e02b9e0921274a8c1618fe3d228ef0b806e6a94c880eec3b75cc0f026304719ae11af7621ac6241b70d561
SSDEEP: 12288:qMrsy90EAUxhFHh+ny7B298BEhaSLXvJAjnfYjnAKywqxrgKCb90vDM2VwOCvj:SyDDY/8SFzvJUfYj+rDCSvDM1Z
Tasks
Static task: static1
Behavioral task: behavioral1, sample x2882564.exe, resource win7-20230831-en
Behavioral task: behavioral2, sample x2882564.exe, resource win10v2004-20230915-en
Malware Config
Extracted family: redline
Botnet: vasha
C2: 77.91.124.82:19071
auth_value: 42fc61786274daca54d589b85a2c1954
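Before working from this report, an analyst should confirm that the local copy of the sample is the file the report describes, and should lift the C2 out of the extracted config in a form that can be fed to blocklists or detections. The following Python does both. It is an added example, not tria.ge code; the hash values and the C2 string are copied from the report above, while the local file path in the `__main__` block is an assumption (the sample is not distributed with this page).

```python
"""Check a local sample against the hashes from the tria.ge report and
parse the extracted RedLine C2 string.  Added example, not tria.ge code."""
import hashlib
import ipaddress
from pathlib import Path

# Hash values copied from the report's General section.
REPORT_HASHES = {
    "md5": "b486e1aa15200a93443df9fcb1098c5e",
    "sha1": "ce2512432ef7f497863052da77f53cd1a827d86a",
    "sha256": "d489bb16bad16af7c57f9852a491fb82e94a9ab007fa85336ab33ca83773d893",
    "sha512": "423c73cf5f708e75faf6fdd406088ecb717639b503e02b9e0921274a8c1618fe"
              "3d228ef0b806e6a94c880eec3b75cc0f026304719ae11af7621ac6241b70d561",
}

# Values copied from the report's Malware Config section.
REPORT_C2 = "77.91.124.82:19071"
REPORT_AUTH_VALUE = "42fc61786274daca54d589b85a2c1954"


def digest_all(data: bytes) -> dict:
    """Return lowercase hex digests for every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def compare_to_report(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Return {algorithm: (expected, actual)} for every digest that differs.

    An empty dict means the bytes are the sample the report describes.  Even a
    single differing digest means a different file or a corrupted download, so
    stop and re-fetch rather than analyse the wrong artefact.
    """
    actual = digest_all(data)
    return {
        name: (exp.lower(), actual[name])
        for name, exp in expected.items()
        if actual[name] != exp.lower()
    }


def parse_c2(c2: str) -> tuple:
    """Split 'host:port' from the extracted config and validate both parts.

    Returns (ip, port, is_global).  Rejects ports outside 1-65535 and hosts
    that are not a literal IP address: RedLine configs can also carry
    hostnames, and this example raises on those so the caller notices instead
    of silently producing a blocklist entry that matches nothing.
    """
    host, sep, port_text = c2.rpartition(":")
    if not sep or not port_text.isdigit():
        raise ValueError(f"malformed C2 string: {c2!r}")
    port = int(port_text)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range in {c2!r}")
    ip = ipaddress.ip_address(host)  # raises ValueError for non-IP hosts
    return str(ip), port, ip.is_global


def check_file(path: str) -> dict:
    """Hash a file on disk and compare it with the report."""
    return compare_to_report(Path(path).read_bytes())


if __name__ == "__main__":
    # The path is an assumption; the sample is not distributed with this page.
    mismatches = check_file("x2882564.exe")
    print("matches report" if not mismatches else f"MISMATCH: {mismatches}")
    print("C2:", parse_c2(REPORT_C2))
```

`compare_to_report` checks all four digests rather than stopping at the first match so that a download that only agrees on MD5 (a weak, collision-prone hash) is still flagged; `parse_c2` returns `is_global` so a C2 that resolves to private space in a re-extraction is visible before it is pushed to a perimeter blocklist.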
Targets
Target: x2882564.exe, 776KB (MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
- Detects Healer, an antivirus-disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext (commonly seen when a loader writes a payload into a suspended process and redirects its main thread to it, i.e. process hollowing)
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder, T1547.001 (1)
- Create or Modify System Process (1): Windows Service, T1543.003 (1)