General
Target: eb105aa3dd9eeca6ea432a8f1e023b96707dd39c1a5ebdb0c7466e53b08dd7db
Size: 1.2MB
Sample: 231013-dpk7wabh91
MD5: 9cb509a501dca0ca4bd43e7bd8800319
SHA1: 8800bb6f3df45a90a6f581b4cd8bd22cd4962ffd
SHA256: eb105aa3dd9eeca6ea432a8f1e023b96707dd39c1a5ebdb0c7466e53b08dd7db
SHA512: b5e025194912f27c8474448476b816f332a41ce508cdf6c0e32f5a7a01293cdbe8d833dc1f8f09c121c3eccd8821aec75181cdd96887fa63b0cc4b14fb916294
SSDEEP: 24576:MZtxDwqN5sh/Y7VH8pdBF9lpQyz3u9hEhbfx/vhZ:MZtRH01oyzuAtVhZ
Static task: static1
Behavioral task: behavioral1
  Sample: eb105aa3dd9eeca6ea432a8f1e023b96707dd39c1a5ebdb0c7466e53b08dd7db.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: eb105aa3dd9eeca6ea432a8f1e023b96707dd39c1a5ebdb0c7466e53b08dd7db.exe
  Resource: win10v2004-20230915-en
Malware Config
Extracted: redline
petin
77.91.124.82:19071
auth_value: f6cf7a48c0291d1ef5a3440429827d6d
Targets
Target: eb105aa3dd9eeca6ea432a8f1e023b96707dd39c1a5ebdb0c7466e53b08dd7db
Size: 1.2MB
MD5: 9cb509a501dca0ca4bd43e7bd8800319
SHA1: 8800bb6f3df45a90a6f581b4cd8bd22cd4962ffd
SHA256: eb105aa3dd9eeca6ea432a8f1e023b96707dd39c1a5ebdb0c7466e53b08dd7db
SHA512: b5e025194912f27c8474448476b816f332a41ce508cdf6c0e32f5a7a01293cdbe8d833dc1f8f09c121c3eccd8821aec75181cdd96887fa63b0cc4b14fb916294
SSDEEP: 24576:MZtxDwqN5sh/Y7VH8pdBF9lpQyz3u9hEhbfx/vhZ:MZtRH01oyzuAtVhZ
Signatures:
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)