General
- Target: d3dcc13804a5926bdc93031b03af8f1598b00eb8551447ea4fc2b1ec5a8f2f11
- Size: 389KB
- Sample: 230719-eppezagd5w
- MD5: e0506cd37cfccb24f795555c89cf812c
- SHA1: b6201a35ea3e59fc8f1adb3b8ef2167406d2d7f6
- SHA256: d3dcc13804a5926bdc93031b03af8f1598b00eb8551447ea4fc2b1ec5a8f2f11
- SHA512: 7199e5cf9ae1a536a718d86a8a24abb21ea0aee3ae85018507c87ff2bee8187924e9f8e1ceda097cc04d0e6310d41315fd4003830c99329e222d028e209d463f
- SSDEEP: 6144:KDy+bnr+wp0yN90QEjzHku0sJHwPu+GwphPxg7EFSol5+hmN6FfwLESV:1MrIy90VjkD7/u7E4mN6wd
Static task: static1
Behavioral task: behavioral1
- Sample: d3dcc13804a5926bdc93031b03af8f1598b00eb8551447ea4fc2b1ec5a8f2f11.exe
- Resource: win10v2004-20230703-en
Malware Config
Extracted: amadey
- 3.85
- 77.91.68.3/home/love/index.php
Extracted: redline
- roma
- 77.91.68.56:19071
- auth_value: f099c2cf92834dbc554a94e1456cf576
Targets
- Target: d3dcc13804a5926bdc93031b03af8f1598b00eb8551447ea4fc2b1ec5a8f2f11
- Size: 389KB
- MD5: e0506cd37cfccb24f795555c89cf812c
- SHA1: b6201a35ea3e59fc8f1adb3b8ef2167406d2d7f6
- SHA256: d3dcc13804a5926bdc93031b03af8f1598b00eb8551447ea4fc2b1ec5a8f2f11
- SHA512: 7199e5cf9ae1a536a718d86a8a24abb21ea0aee3ae85018507c87ff2bee8187924e9f8e1ceda097cc04d0e6310d41315fd4003830c99329e222d028e209d463f
- SSDEEP: 6144:KDy+bnr+wp0yN90QEjzHku0sJHwPu+GwphPxg7EFSol5+hmN6FfwLESV:1MrIy90VjkD7/u7E4mN6wd
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application