General
- Target: cf7f0588d1389a905ae2c9f350f483f8f65424386a0b942440c66f93df6c4fe1
- Size: 390KB
- Sample: 230718-2pstqaed24
- MD5: 53fc69ddcc1efcb2cec80d8e185d8327
- SHA1: fe43d689d761eb89ac5c13946c76119cc66fc606
- SHA256: cf7f0588d1389a905ae2c9f350f483f8f65424386a0b942440c66f93df6c4fe1
- SHA512: 27d7a332a4443e96cd35a30dcc6d4e90a89d87a512c435db52e4d98dcaad268f9a057a43b3e90ea7a049fcccebc11fe8a8fecd7cc4d4895206876323a7371582
- SSDEEP: 6144:K6y+bnr+qp0yN90QE2RpibeyRRnxXl/pajdILJABC/prbmFZB0fe0Q:mMrqy90wilxVxajdIL2C/pnm3B0fe0Q
Static task
- static1

Behavioral task
- behavioral1
- Sample: cf7f0588d1389a905ae2c9f350f483f8f65424386a0b942440c66f93df6c4fe1.exe
- Resource: win10v2004-20230703-en
Malware Config
Extracted
- Family: amadey
- Version: 3.85
- C2: 77.91.68.3/home/love/index.php

Extracted
- Family: redline
- Botnet: roma
- C2: 77.91.68.56:19071
- auth_value: f099c2cf92834dbc554a94e1456cf576
Targets
- Target: cf7f0588d1389a905ae2c9f350f483f8f65424386a0b942440c66f93df6c4fe1
- Size: 390KB
- MD5: 53fc69ddcc1efcb2cec80d8e185d8327
- SHA1: fe43d689d761eb89ac5c13946c76119cc66fc606
- SHA256: cf7f0588d1389a905ae2c9f350f483f8f65424386a0b942440c66f93df6c4fe1
- SHA512: 27d7a332a4443e96cd35a30dcc6d4e90a89d87a512c435db52e4d98dcaad268f9a057a43b3e90ea7a049fcccebc11fe8a8fecd7cc4d4895206876323a7371582
- SSDEEP: 6144:K6y+bnr+qp0yN90QE2RpibeyRRnxXl/pajdILJABC/prbmFZB0fe0Q:mMrqy90wilxVxajdIL2C/pnm3B0fe0Q
Signatures
- Detects Healer, an antivirus disabler dropper
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application