Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
b3fe7b1632df8612e97952cc63a296871fb2644a0e890aa8b2369131cdc108ee
-
Size
930KB
-
Sample
231014-cxtnjsdg49
-
MD5
188b21bc63faad7b1b3c33af8fe7ba06
-
SHA1
6dbfff80152b0af2473b754c773cc1ccfe63ea49
-
SHA256
b3fe7b1632df8612e97952cc63a296871fb2644a0e890aa8b2369131cdc108ee
-
SHA512
490fd7b24912c4267ed4944e2b35eb060713e97a5b5f2ee3e2b4173f5dd06c3e542167213a5dccea16e32a426c1539fd1e260550e63699adc1ac873767d1a831
-
SSDEEP
24576:riuBtZGSCFbMmswAMRhEoQlgtSLv1tgkQU4:euBfGSS1sDMRhaGSLv13QU4
Malware Config
Extracted
redline
moner
77.91.124.82:19071
-
auth_value
a94cd9e01643e1945b296c28a2f28707
Targets
-
-
Target
b3fe7b1632df8612e97952cc63a296871fb2644a0e890aa8b2369131cdc108ee
-
Size
930KB
-
MD5
188b21bc63faad7b1b3c33af8fe7ba06
-
SHA1
6dbfff80152b0af2473b754c773cc1ccfe63ea49
-
SHA256
b3fe7b1632df8612e97952cc63a296871fb2644a0e890aa8b2369131cdc108ee
-
SHA512
490fd7b24912c4267ed4944e2b35eb060713e97a5b5f2ee3e2b4173f5dd06c3e542167213a5dccea16e32a426c1539fd1e260550e63699adc1ac873767d1a831
-
SSDEEP
24576:riuBtZGSCFbMmswAMRhEoQlgtSLv1tgkQU4:euBfGSS1sDMRhaGSLv13QU4
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1