Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
a588845cd0e47d77eb079dcb0811cf918b598e34fa3a13635daf312afdf8a5fc
-
Size
390KB
-
Sample
230716-zpgeksgf88
-
MD5
8dfd2098bf98dcf3012a2768dbc3413e
-
SHA1
5010031333cd26a0e88364df7f7fbbb26cd10440
-
SHA256
a588845cd0e47d77eb079dcb0811cf918b598e34fa3a13635daf312afdf8a5fc
-
SHA512
6d6ad94263499200c1ab5f5dd845518503a0112930cc5a7f10c806c8ef1fd23adea93a2bd7f0e9837a95eac809f8981d667ac1a7f4c7c653abc84133c480311d
-
SSDEEP
6144:KGy+bnr+kp0yN90QE/8GvruxThX3kW8nZNX5YHUp2eWuOFDFdiYT0Y7r+TEh:OMrgy902GU1tnF3iYT0erwu
Static task
static1
Behavioral task
behavioral1
Sample
a588845cd0e47d77eb079dcb0811cf918b598e34fa3a13635daf312afdf8a5fc.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
amadey
3.85
77.91.68.3/home/love/index.php
Extracted
redline
zahar
77.91.68.56:19071
-
auth_value
94c55a31fcf1761f07eeb4a0c6fb74fa
Targets
-
-
Target
a588845cd0e47d77eb079dcb0811cf918b598e34fa3a13635daf312afdf8a5fc
-
Size
390KB
-
MD5
8dfd2098bf98dcf3012a2768dbc3413e
-
SHA1
5010031333cd26a0e88364df7f7fbbb26cd10440
-
SHA256
a588845cd0e47d77eb079dcb0811cf918b598e34fa3a13635daf312afdf8a5fc
-
SHA512
6d6ad94263499200c1ab5f5dd845518503a0112930cc5a7f10c806c8ef1fd23adea93a2bd7f0e9837a95eac809f8981d667ac1a7f4c7c653abc84133c480311d
-
SSDEEP
6144:KGy+bnr+kp0yN90QE/8GvruxThX3kW8nZNX5YHUp2eWuOFDFdiYT0Y7r+TEh:OMrgy902GU1tnF3iYT0erwu
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-