General
- Target: 875e9df3d55d657596bb7452344d866b6597877865f9408d767ca5ed432ccff5
- Size: 515KB
- Sample: 230718-x6t1wsdd23
- MD5: db5c19ebcd5d62ab4fe4ee1143f662aa
- SHA1: 7818ef38609e93e90c1bbccf411902d2b25c4173
- SHA256: 875e9df3d55d657596bb7452344d866b6597877865f9408d767ca5ed432ccff5
- SHA512: f8354b8844a2f0f63a98ad99bf1ec4948e7eb4b6cc34785999e175e63ce73118abd41861901fd294da4b7dfe5e810895a223ccb513e801b51b324df956c01b07
- SSDEEP: 12288:hMrLy90/GdPi3RoYMeliHvyE0dIwrlAdepSBCzq7E8udaMRCCZH:WyrVi3RomUHqcWARBC8EsMgwH
Static task: static1
Behavioral task: behavioral1
- Sample: 875e9df3d55d657596bb7452344d866b6597877865f9408d767ca5ed432ccff5.exe
- Resource: win10v2004-20230703-en
Malware Config
- Extracted: amadey 3.85, C2: 77.91.68.3/home/love/index.php
- Extracted: smokeloader 2022, C2: http://77.91.68.29/fks/
- Extracted: redline (botnet "roma"), C2: 77.91.68.56:19071, auth_value: f099c2cf92834dbc554a94e1456cf576
Targets
- Target: 875e9df3d55d657596bb7452344d866b6597877865f9408d767ca5ed432ccff5
- Size: 515KB
- MD5: db5c19ebcd5d62ab4fe4ee1143f662aa
- SHA1: 7818ef38609e93e90c1bbccf411902d2b25c4173
- SHA256: 875e9df3d55d657596bb7452344d866b6597877865f9408d767ca5ed432ccff5
- SHA512: f8354b8844a2f0f63a98ad99bf1ec4948e7eb4b6cc34785999e175e63ce73118abd41861901fd294da4b7dfe5e810895a223ccb513e801b51b324df956c01b07
- SSDEEP: 12288:hMrLy90/GdPi3RoYMeliHvyE0dIwrlAdepSBCzq7E8udaMRCCZH:WyrVi3RomUHqcWARBC8EsMgwH
Signatures
- Detects Healer, an antivirus disabler dropper
- RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020.)
- Downloads MZ/PE file
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application