Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
05ef523a2d6430dd50e4064cba14a06bd4345ef1e9fd41634a0edb3efefe7583
-
Size
1.0MB
-
Sample
230421-sfk8vagb92
-
MD5
faee8ba1446ba3e97e93c37cfb7b11bd
-
SHA1
6304baec64bdb8aa62b508dba38bc33ba7e3a47e
-
SHA256
05ef523a2d6430dd50e4064cba14a06bd4345ef1e9fd41634a0edb3efefe7583
-
SHA512
fbbd632cbc16ab54faa531cc5ce2898563cc99b1933af85a698b03b69bbbbbb215a00662d8ce95e9e5e515898b2bbd93ffa416f70b580c21f5392a694b290486
-
SSDEEP
24576:YybeMHucXbPhDCk1Rj5lGCYUDZsl2tsGc8MW8sBf:fbeMOcThrR5sCbecyz8M7I
Static task
static1
Behavioral task
behavioral1
Sample
05ef523a2d6430dd50e4064cba14a06bd4345ef1e9fd41634a0edb3efefe7583.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
amadey
3.70
212.113.119.255/joomla/index.php
Extracted
redline
Heavan Dave
199.115.193.116:15763
-
auth_value
53923b5ff123b63db4445e5dfd21c16f
Extracted
laplas
http://45.159.189.105
-
api_key
0be23a6bec914a7d28f1aae995f036fdba93224093ddb48d02fe43e814862f4e
Targets
-
-
Target
05ef523a2d6430dd50e4064cba14a06bd4345ef1e9fd41634a0edb3efefe7583
-
Size
1.0MB
-
MD5
faee8ba1446ba3e97e93c37cfb7b11bd
-
SHA1
6304baec64bdb8aa62b508dba38bc33ba7e3a47e
-
SHA256
05ef523a2d6430dd50e4064cba14a06bd4345ef1e9fd41634a0edb3efefe7583
-
SHA512
fbbd632cbc16ab54faa531cc5ce2898563cc99b1933af85a698b03b69bbbbbb215a00662d8ce95e9e5e515898b2bbd93ffa416f70b580c21f5392a694b290486
-
SSDEEP
24576:YybeMHucXbPhDCk1Rj5lGCYUDZsl2tsGc8MW8sBf:fbeMOcThrR5sCbecyz8M7I
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v6
Persistence
Modify Existing Service
1Registry Run Keys / Startup Folder
1Scheduled Task
1Defense Evasion
Disabling Security Tools
2Modify Registry
3Virtualization/Sandbox Evasion
1Web Service
1