Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
200acc7cade28c0ab7ef52a77ab521a4e9df8ddc405c55b662c9b769807f924f
-
Size
515KB
-
Sample
230717-ffhfqsah9t
-
MD5
35c16b26a33d8a3ce6fb2dc6785170b2
-
SHA1
4a172a01acb1250250c6c160fae2ed0bd66efd7c
-
SHA256
200acc7cade28c0ab7ef52a77ab521a4e9df8ddc405c55b662c9b769807f924f
-
SHA512
e4cfa6f682961bf43c06651c093ca91178c01985cd913655af54034a82e7fbf7aef722631ffaa3e6ace33707b4d17dc02a9958c6fe460c9350a1b5e590f383a4
-
SSDEEP
6144:Kky+bnr+np0yN90QEx2WqjxCR8ykZWNvc3QksRyipApriITZfsAYcxmirp7BcLQ6:wMrfy90K7s8yk0NOr56BwdV7yLsJs
Static task
static1
Behavioral task
behavioral1
Sample
200acc7cade28c0ab7ef52a77ab521a4e9df8ddc405c55b662c9b769807f924f.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
amadey
3.85
77.91.68.3/home/love/index.php
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Extracted
redline
zahar
77.91.68.56:19071
-
auth_value
94c55a31fcf1761f07eeb4a0c6fb74fa
Targets
-
-
Target
200acc7cade28c0ab7ef52a77ab521a4e9df8ddc405c55b662c9b769807f924f
-
Size
515KB
-
MD5
35c16b26a33d8a3ce6fb2dc6785170b2
-
SHA1
4a172a01acb1250250c6c160fae2ed0bd66efd7c
-
SHA256
200acc7cade28c0ab7ef52a77ab521a4e9df8ddc405c55b662c9b769807f924f
-
SHA512
e4cfa6f682961bf43c06651c093ca91178c01985cd913655af54034a82e7fbf7aef722631ffaa3e6ace33707b4d17dc02a9958c6fe460c9350a1b5e590f383a4
-
SSDEEP
6144:Kky+bnr+np0yN90QEx2WqjxCR8ykZWNvc3QksRyipApriITZfsAYcxmirp7BcLQ6:wMrfy90K7s8yk0NOr56BwdV7yLsJs
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-