General
Target: a52fb507bac619f7ded1d68511dd94e9.exe
Size: 526KB
Sample: 230703-ecr1bsfg6s
MD5: a52fb507bac619f7ded1d68511dd94e9
SHA1: 1d6980ad116ad527c20f9c3d327be44d9b33b376
SHA256: 72a2b9571eec2590fab63fdc9459381ea501ac2459b692f088fe43ea83ff62b0
SHA512: 5d5cc9fab83cfc58cb9a883a82259d62f023330d1370754e3ca641861405413b90288323bac55a3506bf42dad59ac43efbe5dbfa40afc40fe623be41b69dad40
SSDEEP: 12288:AZLtt3Q2PBsjs5N3Cwr/blrsHtSdgzbN7PjIOun:AZLttJas5N3hbblc2KbNkn
Static task: static1
Behavioral task: behavioral1
Sample: a52fb507bac619f7ded1d68511dd94e9.exe
Resource: win7-20230621-en
Behavioral task: behavioral2
Sample: a52fb507bac619f7ded1d68511dd94e9.exe
Resource: win10v2004-20230621-en
Malware Config
Extracted: redline
andre
77.91.124.49:19073
auth_value: 8e5522dc6bdb7e288797bc46c2687b12
Extracted: amadey
3.84
77.91.68.63/doma/net/index.php
Targets
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.