Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
c8eb9662199443eee0be998482cd9a6cd4bf9f0f115c04db6bae8f0816a9e7bf
-
Size
3.1MB
-
Sample
231014-amcwyafd9s
-
MD5
89bb472642a708698b253b0fb0411322
-
SHA1
bc20878f661e44565946338ba344388595bc7e0b
-
SHA256
c8eb9662199443eee0be998482cd9a6cd4bf9f0f115c04db6bae8f0816a9e7bf
-
SHA512
ad00df710f334fee08dc64d33a3e7742f313af866e9cdbcec0d9381d4dce2ee36687187c16f30bad663de27d66a31df96442ee4778f558c4e496252db7c70fb4
-
SSDEEP
49152:g4ctSwHupD6ERas+6a3vDgHDuPUQknGKQIM0dhflElN3X6f:g4ctrEPSgHDW4nGC3flmNa
Static task
static1
Behavioral task
behavioral1
Sample
c8eb9662199443eee0be998482cd9a6cd4bf9f0f115c04db6bae8f0816a9e7bf.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
c8eb9662199443eee0be998482cd9a6cd4bf9f0f115c04db6bae8f0816a9e7bf.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
redline
ramon
77.91.124.82:19071
-
auth_value
3197576965d9513f115338c233015b40
Targets
-
-
Target
c8eb9662199443eee0be998482cd9a6cd4bf9f0f115c04db6bae8f0816a9e7bf
-
Size
3.1MB
-
MD5
89bb472642a708698b253b0fb0411322
-
SHA1
bc20878f661e44565946338ba344388595bc7e0b
-
SHA256
c8eb9662199443eee0be998482cd9a6cd4bf9f0f115c04db6bae8f0816a9e7bf
-
SHA512
ad00df710f334fee08dc64d33a3e7742f313af866e9cdbcec0d9381d4dce2ee36687187c16f30bad663de27d66a31df96442ee4778f558c4e496252db7c70fb4
-
SSDEEP
49152:g4ctSwHupD6ERas+6a3vDgHDuPUQknGKQIM0dhflElN3X6f:g4ctrEPSgHDW4nGC3flmNa
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1