Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
0f55c7a42f1cbcb1bc18edcd516aef6b3fee31f46112a0d484b0d1bf5cb0a5c9
-
Size
1.2MB
-
Sample
231013-fmh1vaeh2s
-
MD5
fe3f38ecd2588f5859199841286083ae
-
SHA1
dbdb1f87ded800cc360c28968d01d42e21dd744f
-
SHA256
0f55c7a42f1cbcb1bc18edcd516aef6b3fee31f46112a0d484b0d1bf5cb0a5c9
-
SHA512
8e0d9f22b13b0e85f6903468d5c86b4272e50d2c042520a81cb2ac668d9ce4920084e196799f9f43d17f026f8d31feb7e81e5f3eb24fd13c56651b0858f46dfc
-
SSDEEP
24576:jBuqRu53jCLkdw27qLL4WLz/liL+IUA5d/53OiFOr4UL6wzpwOYLG:NuqRq3Z7qLL4WLLliL+MHBNFOrjL6wzD
Static task
static1
Behavioral task
behavioral1
Sample
0f55c7a42f1cbcb1bc18edcd516aef6b3fee31f46112a0d484b0d1bf5cb0a5c9.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
0f55c7a42f1cbcb1bc18edcd516aef6b3fee31f46112a0d484b0d1bf5cb0a5c9.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
redline
petin
77.91.124.82:19071
-
auth_value
f6cf7a48c0291d1ef5a3440429827d6d
Targets
-
-
Target
0f55c7a42f1cbcb1bc18edcd516aef6b3fee31f46112a0d484b0d1bf5cb0a5c9
-
Size
1.2MB
-
MD5
fe3f38ecd2588f5859199841286083ae
-
SHA1
dbdb1f87ded800cc360c28968d01d42e21dd744f
-
SHA256
0f55c7a42f1cbcb1bc18edcd516aef6b3fee31f46112a0d484b0d1bf5cb0a5c9
-
SHA512
8e0d9f22b13b0e85f6903468d5c86b4272e50d2c042520a81cb2ac668d9ce4920084e196799f9f43d17f026f8d31feb7e81e5f3eb24fd13c56651b0858f46dfc
-
SSDEEP
24576:jBuqRu53jCLkdw27qLL4WLz/liL+IUA5d/53OiFOr4UL6wzpwOYLG:NuqRq3Z7qLL4WLLliL+MHBNFOrjL6wzD
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1