Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
608312e5a94be37df8805a0729a223eb5cbc5ed9d21225d617129a5cabb031d8
-
Size
491KB
-
Sample
241104-rqxh7a1gkk
-
MD5
06c4bd51cbf51954b34d81b43bd144f2
-
SHA1
e924fad84cc93ea850f632291b7a1692efd391f5
-
SHA256
608312e5a94be37df8805a0729a223eb5cbc5ed9d21225d617129a5cabb031d8
-
SHA512
4beecaa4ac861556d927ce0fbf9275b2938f0934c6c0c7d93807f88c0878e660bc6e2b864ae6de58b88963b3feaef7da82e51f6507a4b54d84e34ea0335f8edb
-
SSDEEP
12288:hMryy90tNXA8J+H4kcg1msGSksfQ+Yy2LhROG:bywNm4eIsDkoQ+YUG
Static task
static1
Behavioral task
behavioral1
Sample
608312e5a94be37df8805a0729a223eb5cbc5ed9d21225d617129a5cabb031d8.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
lade
217.196.96.101:4132
-
auth_value
6e597bb53b7858f1eaca3f569cb16e1e
Targets
-
-
Target
608312e5a94be37df8805a0729a223eb5cbc5ed9d21225d617129a5cabb031d8
-
Size
491KB
-
MD5
06c4bd51cbf51954b34d81b43bd144f2
-
SHA1
e924fad84cc93ea850f632291b7a1692efd391f5
-
SHA256
608312e5a94be37df8805a0729a223eb5cbc5ed9d21225d617129a5cabb031d8
-
SHA512
4beecaa4ac861556d927ce0fbf9275b2938f0934c6c0c7d93807f88c0878e660bc6e2b864ae6de58b88963b3feaef7da82e51f6507a4b54d84e34ea0335f8edb
-
SSDEEP
12288:hMryy90tNXA8J+H4kcg1msGSksfQ+Yy2LhROG:bywNm4eIsDkoQ+YUG
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1