General
- Target: e64f15aafb19cc0c568c25aab4ed9e339e9948537882cdf2c6a22c53507fe930
- Size: 1.3MB
- Sample: 231012-rywa4aeb6v
- MD5: da1333144d8b061a48cb0401f52f2d3e
- SHA1: cedec8d21fdf51a8f95eee01f41fae764f5711f5
- SHA256: e64f15aafb19cc0c568c25aab4ed9e339e9948537882cdf2c6a22c53507fe930
- SHA512: 65d679934febb8fccceedfb5436fa535482f8e1c43adf1b712481deed328a628fac1188ec8ff743996e3e9099f0bde8b7dfa1721e4cdc55b042c6337ed9d07fd
- SSDEEP: 24576:3Ld650qMgM/k/Q1ZaKjeeNfmdPvnQD9hUUpeN2RK9kvI7AfCSrHqMdxQs:s50q/M/k/oZaKjeeA9vQD7Dq2RJ2AfCY
Static task: static1
Behavioral task: behavioral1
- Sample: e64f15aafb19cc0c568c25aab4ed9e339e9948537882cdf2c6a22c53507fe930.exe
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: e64f15aafb19cc0c568c25aab4ed9e339e9948537882cdf2c6a22c53507fe930.exe
- Resource: win10v2004-20230915-en
Malware Config
Extracted: redline
- vasha
- 77.91.124.82:19071
- auth_value: 42fc61786274daca54d589b85a2c1954
Targets
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (1): Windows Service (1)