Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
- Target: cb1ad377f0526296e0bd38400b53658cc8bab42868b99b68d75d24420a354f1d
- Size: 549KB
- Sample: 241111-bkd7nazbpc
- MD5: 2a04709edd1d1f12fd1518b24b384c76
- SHA1: 95432e860bd9bcb1aec7d6ba66d6e6ace2eb4981
- SHA256: cb1ad377f0526296e0bd38400b53658cc8bab42868b99b68d75d24420a354f1d
- SHA512: aa133da4275e2bced62aa91c6408afd4f047ab3f73932c7ec4636dd5f3eb2ca689d31bd2317810c606937234c922a5df3bc7ab319875cd5c69c7caf8b703913b
- SSDEEP: 12288:VMrSy90ST5gH482KZMIyVaopGGpJuDKgBnaQDU9SrUJbKvN:3yl58ZBmaopzujoQDU9J2l
Static task: static1
Behavioral task: behavioral1
- Sample: cb1ad377f0526296e0bd38400b53658cc8bab42868b99b68d75d24420a354f1d.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted:
- redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)