General
- Target: ed75d761135df1f00119df867a5558c582eafbd9078023e581691ecbd940cd4b
- Size: 549KB
- Sample: 241111-bngrysygqm
- MD5: e0483418ab2793e61ef36c4f009abb45
- SHA1: dffc0b54ea1bef41728694fb3404ed2549942d3b
- SHA256: ed75d761135df1f00119df867a5558c582eafbd9078023e581691ecbd940cd4b
- SHA512: 99cd12795c1d6dc5792e7cfeb4e9fae651b28443d67976ee1fbcd26fa5317bd15af3c9fca0eb4160bb2169a72ff334a588a01c858d4ed3fa9b939914272b6c7b
- SSDEEP: 12288:OMrCy90Vq9No+qm9p6UHofGf16yxwNjEMpXu8Xl1ipHRPFnS8F:YySwNo+v9UUHofK1HIjZuqKdS8F
Static task: static1
Behavioral task: behavioral1
- Sample: ed75d761135df1f00119df867a5558c582eafbd9078023e581691ecbd940cd4b.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- Family: redline
- Botnet: rosn
- C2: 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
- Target: ed75d761135df1f00119df867a5558c582eafbd9078023e581691ecbd940cd4b (549KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)