General
Target: 88050edb4a0c073628d88b2d7ac9b33169e89d580404c391eb416c2d973601e2
Size: 930KB
Sample: 231014-cx6ywabh41
MD5: 2dfd9fd982fbf4cc8024e0516fadfb51
SHA1: 6f75d913aa14b7ccbe316325463e5d34e4c23843
SHA256: 88050edb4a0c073628d88b2d7ac9b33169e89d580404c391eb416c2d973601e2
SHA512: cc80fc9a068bf5ca7512eb43b8d8ada6aa976ef49462e8596066920fb305da28f1b500428281917fe4dbb0335e3d2546dd62df4b9d3dca8e986b7ebd8f987f93
SSDEEP: 12288:E9//yfYb5BIQZVtR6Ar8OJuq/YDPfSQF3sPp+uptyodtqNpKZ2dsi+gI1PBAhKhS:EiuBtZc08OJpY/8PYHodtqfBKl1p/Kx
Static task: static1
Behavioral task: behavioral1
Sample: 88050edb4a0c073628d88b2d7ac9b33169e89d580404c391eb416c2d973601e2.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: 88050edb4a0c073628d88b2d7ac9b33169e89d580404c391eb416c2d973601e2.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted: redline
moner
77.91.124.82:19071
auth_value: a94cd9e01643e1945b296c28a2f28707
Targets
Target: 88050edb4a0c073628d88b2d7ac9b33169e89d580404c391eb416c2d973601e2
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
- Create or Modify System Process: Windows Service