Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
291a879997f29105dc599878aa6bf635eabcfaf97646413f2a4110614234d8ec
-
Size
929KB
-
Sample
231014-dvtq7sdd51
-
MD5
d6dc032aaf1b9960207e19a67aa11a8f
-
SHA1
bd6728c247061dba9bb1a39ee80f635bdb7d6ad1
-
SHA256
291a879997f29105dc599878aa6bf635eabcfaf97646413f2a4110614234d8ec
-
SHA512
d5ee33f59ae5d164c072285f85c50a7e67ae8dfb5528431806b605e0b84d6cb0c4a2f5a0f2fded9e89c0bc279e80c4f2aeb88fc9edb564ec7a972ad5f9916682
-
SSDEEP
24576:KiuBtZKnzlIEuWq4j8ou7wH1q+ZDcI7G:BuBfKzKWq4aq1HtG
Static task
static1
Behavioral task
behavioral1
Sample
291a879997f29105dc599878aa6bf635eabcfaf97646413f2a4110614234d8ec.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
291a879997f29105dc599878aa6bf635eabcfaf97646413f2a4110614234d8ec.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
redline
moner
77.91.124.82:19071
-
auth_value
a94cd9e01643e1945b296c28a2f28707
Targets
-
-
Target
291a879997f29105dc599878aa6bf635eabcfaf97646413f2a4110614234d8ec
-
Size
929KB
-
MD5
d6dc032aaf1b9960207e19a67aa11a8f
-
SHA1
bd6728c247061dba9bb1a39ee80f635bdb7d6ad1
-
SHA256
291a879997f29105dc599878aa6bf635eabcfaf97646413f2a4110614234d8ec
-
SHA512
d5ee33f59ae5d164c072285f85c50a7e67ae8dfb5528431806b605e0b84d6cb0c4a2f5a0f2fded9e89c0bc279e80c4f2aeb88fc9edb564ec7a972ad5f9916682
-
SSDEEP
24576:KiuBtZKnzlIEuWq4j8ou7wH1q+ZDcI7G:BuBfKzKWq4aq1HtG
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1