General

  • Target

    69f8e43073e849bba9e3092888fe246fa19fe53188b6554d23f63834b9b19690N

  • Size

    202KB

  • Sample

    241114-lefteawhrb

  • MD5

    b4d19e1899fad64b988f6f917ac62c80

  • SHA1

    85159974fed63fe8e0f9308b13a8628605456382

  • SHA256

    69f8e43073e849bba9e3092888fe246fa19fe53188b6554d23f63834b9b19690

  • SHA512

    66a9c644c05ae3cf64d31608699a57bfda819aac016e49dd66748a175455935a9b021238794acb624a99a38596f1043adf1c072f950c427db3b96e643225a438

  • SSDEEP

    3072:Kly+bnr+O145GWp1icKAArDZz4N9GhbkrNEk6IfA7jkFF9j5dBKO3lY1:Kly+bnr+Dp0yN90QEufAHsF3M

Malware Config

Extracted

Family

redline

Botnet

fukia

C2

193.233.20.13:4136

Attributes

  • auth_value

    e5783636fbd9e4f0cf9a017bce02e67e

Targets

    • Target

      69f8e43073e849bba9e3092888fe246fa19fe53188b6554d23f63834b9b19690N

    • Size

      202KB

    • MD5

      b4d19e1899fad64b988f6f917ac62c80

    • SHA1

      85159974fed63fe8e0f9308b13a8628605456382

    • SHA256

      69f8e43073e849bba9e3092888fe246fa19fe53188b6554d23f63834b9b19690

    • SHA512

      66a9c644c05ae3cf64d31608699a57bfda819aac016e49dd66748a175455935a9b021238794acb624a99a38596f1043adf1c072f950c427db3b96e643225a438

    • SSDEEP

      3072:Kly+bnr+O145GWp1icKAArDZz4N9GhbkrNEk6IfA7jkFF9j5dBKO3lY1:Kly+bnr+Dp0yN90QEufAHsF3M

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
