Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
05be32c1ac4d4f8080d6afa867e7a9cbdef17ca4b426a65580ae9b5f99b4741c
-
Size
1.2MB
-
Sample
231012-v43h5sec9y
-
MD5
1887ee1fe7412938d0b50e5048e66022
-
SHA1
221ec027a401906ad86063ee058f029298989798
-
SHA256
05be32c1ac4d4f8080d6afa867e7a9cbdef17ca4b426a65580ae9b5f99b4741c
-
SHA512
b2336235c24fe1d3df8e732bd10520d78043739701a6e40dd5f87ab094b1fd35556f22f1fed9bb6c722829b6395f560a39703229e475598b7f391dc0819fb092
-
SSDEEP
24576:VYtTYUw0/rq2RKjMWtjW5dXdswgy0nEGfyi0qdmGSygOTMrZV2RZ:VYtTYH0/O2vWNCrDgy0nEXi0bDbIZ
Static task
static1
Behavioral task
behavioral1
Sample
05be32c1ac4d4f8080d6afa867e7a9cbdef17ca4b426a65580ae9b5f99b4741c.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
05be32c1ac4d4f8080d6afa867e7a9cbdef17ca4b426a65580ae9b5f99b4741c.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
redline
petin
77.91.124.82:19071
-
auth_value
f6cf7a48c0291d1ef5a3440429827d6d
Targets
-
-
Target
05be32c1ac4d4f8080d6afa867e7a9cbdef17ca4b426a65580ae9b5f99b4741c
-
Size
1.2MB
-
MD5
1887ee1fe7412938d0b50e5048e66022
-
SHA1
221ec027a401906ad86063ee058f029298989798
-
SHA256
05be32c1ac4d4f8080d6afa867e7a9cbdef17ca4b426a65580ae9b5f99b4741c
-
SHA512
b2336235c24fe1d3df8e732bd10520d78043739701a6e40dd5f87ab094b1fd35556f22f1fed9bb6c722829b6395f560a39703229e475598b7f391dc0819fb092
-
SSDEEP
24576:VYtTYUw0/rq2RKjMWtjW5dXdswgy0nEGfyi0qdmGSygOTMrZV2RZ:VYtTYH0/O2vWNCrDgy0nEXi0bDbIZ
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1