Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
0db2a72744fc2d2e90622c9db925e36555decceceaa24a63192a1ef4cf8a5aa7
-
Size
1.2MB
-
Sample
231013-dbcctadc22
-
MD5
afdcb9fe08736951088d5f1ac3a91882
-
SHA1
31638b05828c06bebc0e4fd654a1777a71f27855
-
SHA256
0db2a72744fc2d2e90622c9db925e36555decceceaa24a63192a1ef4cf8a5aa7
-
SHA512
fb33e564a5f8c4d67631d7331dd3903bfb8b993f1fe63b79f0cbf35fba501424c7ef91423c14dc46c72f13189fbf97212a69489a2da17e2665ca19352fe1d762
-
SSDEEP
24576:EZtRsbYYOb5xGSBs7dsNIriUZ5aV/8c3lK2i6b0sJQp95IFHIuhqnMzXhu62G9eC:EZtRsXOb5x/OWYimc6cTkkjo8XlhZ
Static task
static1
Behavioral task
behavioral1
Sample
0db2a72744fc2d2e90622c9db925e36555decceceaa24a63192a1ef4cf8a5aa7.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
0db2a72744fc2d2e90622c9db925e36555decceceaa24a63192a1ef4cf8a5aa7.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
redline
petin
77.91.124.82:19071
-
auth_value
f6cf7a48c0291d1ef5a3440429827d6d
Targets
-
-
Target
0db2a72744fc2d2e90622c9db925e36555decceceaa24a63192a1ef4cf8a5aa7
-
Size
1.2MB
-
MD5
afdcb9fe08736951088d5f1ac3a91882
-
SHA1
31638b05828c06bebc0e4fd654a1777a71f27855
-
SHA256
0db2a72744fc2d2e90622c9db925e36555decceceaa24a63192a1ef4cf8a5aa7
-
SHA512
fb33e564a5f8c4d67631d7331dd3903bfb8b993f1fe63b79f0cbf35fba501424c7ef91423c14dc46c72f13189fbf97212a69489a2da17e2665ca19352fe1d762
-
SSDEEP
24576:EZtRsbYYOb5xGSBs7dsNIriUZ5aV/8c3lK2i6b0sJQp95IFHIuhqnMzXhu62G9eC:EZtRsXOb5x/OWYimc6cTkkjo8XlhZ
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1