Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
c7a55db1377ed620e3d4c4c0b6b90d25.exe
-
Size
5.8MB
-
Sample
230706-gxnvhsaf6z
-
MD5
c7a55db1377ed620e3d4c4c0b6b90d25
-
SHA1
4958b9718e3c657ca0412dd7c83ee6c587a93310
-
SHA256
39943a7f5adbc87c332a71abfe242f8ef797a514e19bec5826c96c5ce71e8781
-
SHA512
66683d6b18d4a147d659324ac279af93652d96819de4ce7308953b4e6610be78d900406802c61bb8739eefe86a383aeb997f8d0f296f96c585ff54d3685a692d
-
SSDEEP
98304:UO70lfyix9Ki3V7hXpd00wUnApb95IRQdl1OIgL:UO70lf9x9x3/bXwHG2dl1OI8
Static task
static1
Behavioral task
behavioral1
Sample
c7a55db1377ed620e3d4c4c0b6b90d25.exe
Resource
win7-20230703-en
Behavioral task
behavioral2
Sample
c7a55db1377ed620e3d4c4c0b6b90d25.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
redline
norm
77.91.68.70:19073
-
auth_value
1514e6c0ec3d10a36f68f61b206f5759
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Extracted
amadey
3.84
77.91.68.63/doma/net/index.php
Extracted
redline
furod
77.91.68.70:19073
-
auth_value
d2386245fe11799b28b4521492a5879d
Targets
-
-
Target
c7a55db1377ed620e3d4c4c0b6b90d25.exe
-
Size
5.8MB
-
MD5
c7a55db1377ed620e3d4c4c0b6b90d25
-
SHA1
4958b9718e3c657ca0412dd7c83ee6c587a93310
-
SHA256
39943a7f5adbc87c332a71abfe242f8ef797a514e19bec5826c96c5ce71e8781
-
SHA512
66683d6b18d4a147d659324ac279af93652d96819de4ce7308953b4e6610be78d900406802c61bb8739eefe86a383aeb997f8d0f296f96c585ff54d3685a692d
-
SSDEEP
98304:UO70lfyix9Ki3V7hXpd00wUnApb95IRQdl1OIgL:UO70lf9x9x3/bXwHG2dl1OI8
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-