Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
a5380f2ddc7befc4f2c406955c9d605697efa510b339e2913b451b3c7883c74f
-
Size
390KB
-
Sample
230720-crqppscg6y
-
MD5
5a29cf36bbbf96c36a37af9d6b33a690
-
SHA1
e06eee19f7c1593dd665b02f54edb52e3ef09a58
-
SHA256
a5380f2ddc7befc4f2c406955c9d605697efa510b339e2913b451b3c7883c74f
-
SHA512
f5fee2ff4e07c363cc76d16725bd6bfdd04f113b10548592375e6fe6a200e8973fab7cdb0f20492535811f2f32d6968cead42c178b209a3d3152c7c8abfa4758
-
SSDEEP
6144:Kiy+bnr+up0yN90QEgdkNOaFXYkW8PZNUHyRG+bjmJ4aUlzwHO9tNACfawY0Q:aMrey90ok7VpmmP3Q
Static task
static1
Behavioral task
behavioral1
Sample
a5380f2ddc7befc4f2c406955c9d605697efa510b339e2913b451b3c7883c74f.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
amadey
3.85
77.91.68.3/home/love/index.php
Extracted
redline
nasa
77.91.68.68:19071
-
auth_value
6da71218d8a9738ea3a9a78b5677589b
Targets
-
-
Target
a5380f2ddc7befc4f2c406955c9d605697efa510b339e2913b451b3c7883c74f
-
Size
390KB
-
MD5
5a29cf36bbbf96c36a37af9d6b33a690
-
SHA1
e06eee19f7c1593dd665b02f54edb52e3ef09a58
-
SHA256
a5380f2ddc7befc4f2c406955c9d605697efa510b339e2913b451b3c7883c74f
-
SHA512
f5fee2ff4e07c363cc76d16725bd6bfdd04f113b10548592375e6fe6a200e8973fab7cdb0f20492535811f2f32d6968cead42c178b209a3d3152c7c8abfa4758
-
SSDEEP
6144:Kiy+bnr+up0yN90QEgdkNOaFXYkW8PZNUHyRG+bjmJ4aUlzwHO9tNACfawY0Q:aMrey90ok7VpmmP3Q
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-