Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
bb339eb9775c7dc78f54a2144569cc9b01913cb7cf39de1ffe6dc7e5aa8cdcc3
-
Size
484KB
-
Sample
241106-v8ww6axjdr
-
MD5
763da83ba3ac4178e3352733983989e3
-
SHA1
49e1e1b7a04b8d0efa26624da0611c2ba2e156f0
-
SHA256
bb339eb9775c7dc78f54a2144569cc9b01913cb7cf39de1ffe6dc7e5aa8cdcc3
-
SHA512
5ab05d5975e6a1b0875ac2d95a4ef10cc795110339e8b86a293ad19a6bb9e8a4fded9b33ef2095e4f83fccebe9f945fc8ad754fa14baa0f46dc6374a4a508d2b
-
SSDEEP
12288:5MrDy90vVxdkGWVACmSpenmIIC6t5u/ypICkgo:KyKjgVAY8/N6/NpIp
Static task
static1
Behavioral task
behavioral1
Sample
bb339eb9775c7dc78f54a2144569cc9b01913cb7cf39de1ffe6dc7e5aa8cdcc3.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
fukia
193.233.20.13:4136
-
auth_value
e5783636fbd9e4f0cf9a017bce02e67e
Targets
-
-
Target
bb339eb9775c7dc78f54a2144569cc9b01913cb7cf39de1ffe6dc7e5aa8cdcc3
-
Size
484KB
-
MD5
763da83ba3ac4178e3352733983989e3
-
SHA1
49e1e1b7a04b8d0efa26624da0611c2ba2e156f0
-
SHA256
bb339eb9775c7dc78f54a2144569cc9b01913cb7cf39de1ffe6dc7e5aa8cdcc3
-
SHA512
5ab05d5975e6a1b0875ac2d95a4ef10cc795110339e8b86a293ad19a6bb9e8a4fded9b33ef2095e4f83fccebe9f945fc8ad754fa14baa0f46dc6374a4a508d2b
-
SSDEEP
12288:5MrDy90vVxdkGWVACmSpenmIIC6t5u/ypICkgo:KyKjgVAY8/N6/NpIp
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1