General
- Target: 716020e4f020112592364d018f7b4dcc3a077aa74caa5a47248bd8bed748f943
- Size: 390KB
- Sample: 230719-qnd4dsgc22
- MD5: ce4a66c426e381a1cfac0eccf34f665a
- SHA1: d15e190c32ae490e3182c1124b43560ffde77cf0
- SHA256: 716020e4f020112592364d018f7b4dcc3a077aa74caa5a47248bd8bed748f943
- SHA512: c814f3c9f5a6c56568a723338ee102695afafb254b111757899be590a730632ad82613e11c08d035d6e70af574b89ec639a3878912e47b63aced2fbc23212936
- SSDEEP: 12288:8MrPy906vQ5bOAqppOhyXL48cHnl9/HkS:bypY5zqppONHYS
Static task: static1
Behavioral task: behavioral1
- Sample: 716020e4f020112592364d018f7b4dcc3a077aa74caa5a47248bd8bed748f943.exe
- Resource: win10v2004-20230703-en
Malware Config
Extracted
- Family: amadey
- Version: 3.85
- C2: 77.91.68.3/home/love/index.php
Extracted
- Family: redline
- Botnet: nasa
- C2: 77.91.68.68:19071
- auth_value: 6da71218d8a9738ea3a9a78b5677589b
Targets
- Target: 716020e4f020112592364d018f7b4dcc3a077aa74caa5a47248bd8bed748f943
- Size: 390KB
- Hashes: as listed under General above
Signatures
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application