Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
d11b917059b1e85e6e816885c654c6bd9a2a878d05a3ba821bf3bc45baef410b
-
Size
930KB
-
Sample
231014-esd4eaga8v
-
MD5
4697b533d9be35351f1742bb0fa26f94
-
SHA1
06fcdb6fd8172cbcbd27ebb340905d989630475b
-
SHA256
d11b917059b1e85e6e816885c654c6bd9a2a878d05a3ba821bf3bc45baef410b
-
SHA512
93ed2e98d76da352f8c83a1142c11bbcf3ebcf79e38d140fbae14fc1c4a719d8b39bd9fa732de02f09a1273bc9782e9a710c7b40a3f1356acaf411cf8e05a459
-
SSDEEP
12288:gl//yfYb5BIQZVtvffdXWOW1kyOqJ6xM1FKGv4YVnGGwfZhi7p6gA2ni5BVObHWM:YiuBtZvfdGOUkM1fnwG6gAzV+HWi7
Static task
static1
Behavioral task
behavioral1
Sample
d11b917059b1e85e6e816885c654c6bd9a2a878d05a3ba821bf3bc45baef410b.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
d11b917059b1e85e6e816885c654c6bd9a2a878d05a3ba821bf3bc45baef410b.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
redline
moner
77.91.124.82:19071
-
auth_value
a94cd9e01643e1945b296c28a2f28707
Targets
-
-
Target
d11b917059b1e85e6e816885c654c6bd9a2a878d05a3ba821bf3bc45baef410b
-
Size
930KB
-
MD5
4697b533d9be35351f1742bb0fa26f94
-
SHA1
06fcdb6fd8172cbcbd27ebb340905d989630475b
-
SHA256
d11b917059b1e85e6e816885c654c6bd9a2a878d05a3ba821bf3bc45baef410b
-
SHA512
93ed2e98d76da352f8c83a1142c11bbcf3ebcf79e38d140fbae14fc1c4a719d8b39bd9fa732de02f09a1273bc9782e9a710c7b40a3f1356acaf411cf8e05a459
-
SSDEEP
12288:gl//yfYb5BIQZVtvffdXWOW1kyOqJ6xM1FKGv4YVnGGwfZhi7p6gA2ni5BVObHWM:YiuBtZvfdGOUkM1fnwG6gAzV+HWi7
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1