General
- Target: fc9fe514f85f4c49194475bba840d353d153d3d9f73f44e8441e7619445bf58a
- Size: 1.2MB
- Sample: 231013-ytkgcshh74
- MD5: d1fe87b968d82a18079d364fbacd925c
- SHA1: 1c0a756cd3aeb46dd9cc68b27ce5d8e14895d635
- SHA256: fc9fe514f85f4c49194475bba840d353d153d3d9f73f44e8441e7619445bf58a
- SHA512: 36b268b08cf3ec4897faf21fe0974aa2208ef144a7f8235248bc0e197dc01f3dc758ac23f9e3d25a02889c7a7d178fa5ea9eecda61dcfd22ae8b4cfaa08358a2
- SSDEEP: 24576:k/84HcyCYwmdpQHAZ6MEf/k19o0HxSFsNQe4XdB7xxX16G:e84HZ+OuHAZI8LrckQe4XdB7/X8G

Static task
- static1

Behavioral task
- behavioral1
  - Sample: fc9fe514f85f4c49194475bba840d353d153d3d9f73f44e8441e7619445bf58a.exe
  - Resource: win7-20230831-en

Behavioral task
- behavioral2
  - Sample: fc9fe514f85f4c49194475bba840d353d153d3d9f73f44e8441e7619445bf58a.exe
  - Resource: win10v2004-20230915-en

Malware Config
Extracted
- redline
- petin
- 77.91.124.82:19071
- auth_value: f6cf7a48c0291d1ef5a3440429827d6d
Targets
- Target: fc9fe514f85f4c49194475bba840d353d153d3d9f73f44e8441e7619445bf58a
- Size: 1.2MB
Signatures
- Detects Healer an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (1)
    - Windows Service (1)