General

  • Target

    fb05507c52c2e8f629b69a34d84727ea4642260cec6c837d5c5e06d66768868a

  • Size

    765KB

  • Sample

    241111-cyek1stnhk

  • MD5

    b2df5dec575c31441f14b4764b9158da

  • SHA1

    d8ac94de573c64a6190f0519a629ae67b60f11bb

  • SHA256

    fb05507c52c2e8f629b69a34d84727ea4642260cec6c837d5c5e06d66768868a

  • SHA512

    36dba110cf53ed6ca6f496c8ce9dcaf366291997cc34dc62bdac6f0628e6f2aacc02871ecf1be05276dccd5bd21c49e8987c2a8eb4e219ae3f590fa41b3eeec9

  • SSDEEP

    12288:+MrVy90ZgLLpmVfgeTwe6oTYHU2hl0NJvLS9slp1Ws/rrRWyfF7EpeyMsi/4:zy+gLLgVfNj6oTOU2hsJvLjlpLzX03Mu

Malware Config

Extracted

Family

redline

Botnet

dubna

C2

193.233.20.11:4131

Attributes
  • auth_value

    f324b1269094b7462e56bab025f032f4

Targets

    • Target

      fb05507c52c2e8f629b69a34d84727ea4642260cec6c837d5c5e06d66768868a (765KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)

    • Detects Healer, an antivirus-disabler dropper

    • Healer

      Healer is an antivirus-disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
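The report gives three things a defender can act on directly: the file hashes, the RedLine C2 endpoint (193.233.20.11:4131), and the behaviours flagged above (Run-key persistence and Windows Defender real-time protection tampering). As an added example, not part of the Triage report, the Python below turns those into matching logic and runs it over constructed log lines. The netflow and Sysmon-style registry event formats are invented for the example, and the Defender policy registry path and `Disable*` value names are the documented Windows policy locations, not values taken from this page.

```python
"""Match the indicators and behaviours from the report above against host/network logs."""
import hashlib
import re

# File hashes copied from the report (MD5, SHA1, SHA256 of the sample).
IOC_HASHES = {
    "b2df5dec575c31441f14b4764b9158da",
    "d8ac94de573c64a6190f0519a629ae67b60f11bb",
    "fb05507c52c2e8f629b69a34d84727ea4642260cec6c837d5c5e06d66768868a",
}
# RedLine C2 from the extracted config.
C2_HOST, C2_PORT = "193.233.20.11", 4131

# Registry locations tied to the flagged behaviours. The Run key path is the
# standard autostart location; the Defender path/value names are the documented
# policy settings (DisableRealtimeMonitoring, DisableBehaviorMonitoring, ...),
# not something extracted from the page.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
DEFENDER_RTP_RE = re.compile(
    r"\\Windows Defender\\Real-Time Protection\\Disable\w+", re.I)

# Assumed log formats for the constructed samples below.
NET_RE = re.compile(r"src=(?P<src>[\d.]+):\d+ dst=(?P<dst>[\d.]+):(?P<dport>\d+)")
REG_OBJ_RE = re.compile(r'TargetObject="([^"]+)"')
REG_IMG_RE = re.compile(r'Image="([^"]+)"')


def hashes_of(data: bytes) -> dict:
    """Compute the three digest types the report lists for a file's bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def file_matches_iocs(data: bytes) -> bool:
    """True if any digest of the given bytes equals a hash from the report."""
    return any(h in IOC_HASHES for h in hashes_of(data).values())


def find_c2_connections(lines):
    """Return source IPs that connected to the exact C2 host:port."""
    hits = []
    for line in lines:
        m = NET_RE.search(line)
        if m and m["dst"] == C2_HOST and int(m["dport"]) == C2_PORT:
            hits.append(m["src"])
    return hits


def classify_registry_event(line):
    """Map a registry-set event to one of the behaviours the report flags, or None."""
    m = REG_OBJ_RE.search(line)
    if not m:
        return None
    target = m.group(1)
    if RUN_KEY_RE.search(target):
        return "run_key_persistence"
    if DEFENDER_RTP_RE.search(target):
        return "defender_rtp_tamper"
    return None


def scan_registry_events(lines):
    """Return (behaviour, writing process) pairs for events that match."""
    out = []
    for line in lines:
        kind = classify_registry_event(line)
        if kind:
            img = REG_IMG_RE.search(line)
            out.append((kind, img.group(1) if img else "?"))
    return out


# Constructed sample logs (not from the page); one true C2 hit, one same-host
# connection on a different port, and one benign connection.
NETFLOW_LINES = [
    "2024-11-11T03:21:07Z src=10.0.0.15:51234 dst=193.233.20.11:4131 proto=tcp bytes=1842",
    "2024-11-11T03:21:09Z src=10.0.0.15:51235 dst=142.250.74.14:443 proto=tcp bytes=5120",
    "2024-11-11T03:22:40Z src=10.0.0.22:49812 dst=193.233.20.11:80 proto=tcp bytes=512",
]

# Constructed Sysmon-style registry value-set events (EventID 13 semantics).
REGISTRY_LINES = [
    'EventID=13 Image="C:\\Users\\u\\AppData\\Roaming\\xv.exe" '
    'TargetObject="HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\xv" '
    'Details="C:\\Users\\u\\AppData\\Roaming\\xv.exe"',
    'EventID=13 Image="C:\\Users\\u\\AppData\\Roaming\\xv.exe" '
    'TargetObject="HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring" '
    'Details="DWORD (0x00000001)"',
    'EventID=13 Image="C:\\Windows\\explorer.exe" '
    'TargetObject="HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden" '
    'Details="DWORD (0x00000001)"',
]

if __name__ == "__main__":
    print("C2 sources:", find_c2_connections(NETFLOW_LINES))
    print("Registry hits:", scan_registry_events(REGISTRY_LINES))
    print("Sample hash match on arbitrary bytes:", file_matches_iocs(b"not the sample"))
```

`find_c2_connections` requires both host and port to match; RedLine operators rotate ports more readily than hosts, so a hunting query usually also lists host-only matches (the third netflow line) for review rather than dropping them. The registry matcher keys on the written value path, which is why the Defender pattern uses `Disable\w+` instead of one value name: the same policy key carries several independent switches, and a dropper may flip any of them.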

MITRE ATT&CK Enterprise v15

Tasks