General

Target: 5e1de3c78c9ea144704f73172c376b7a50e84e179ead153fc6fa9d2e25fb9ee6
Size: 515KB
Sample: 230720-eq3zradb91
MD5: 6a98e521a5fe0278a5fb59cd0a715ce3
SHA1: ef6579808d29a7596918b622ba20498649353421
SHA256: 5e1de3c78c9ea144704f73172c376b7a50e84e179ead153fc6fa9d2e25fb9ee6
SHA512: 9bc3870a71d0321844a6e1f33733411845911ce7a5323a7ad938d61151e2b753b5ef1747f743865296e1ef7217386a4d2104781c660274d4967491f8313b0a43
SSDEEP: 12288:nMrTy9091JwNLFU3IoZdziYY354v6R4FqLedwCn:UyS8iIoZNiYYJ3eFqLdE
Static task: static1
Behavioral task: behavioral1
Sample: 5e1de3c78c9ea144704f73172c376b7a50e84e179ead153fc6fa9d2e25fb9ee6.exe
Resource: win10v2004-20230703-en
Malware Config

Extracted: amadey
Version: 3.85
C2: 77.91.68.3/home/love/index.php

Extracted: smokeloader
Version: 2022
C2: http://77.91.68.29/fks/

Extracted: redline
Botnet: nasa
C2: 77.91.68.68:19071
auth_value: 6da71218d8a9738ea3a9a78b5677589b
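The three extracted C2 values come in three different shapes (Amadey a host plus path with no scheme, SmokeLoader a full URL, RedLine a bare host:port), and all three sit in 77.91.68.0/24. The script below, added here as an example and not part of the tria.ge report or of the malware families' own code, normalizes them into one indicator set and runs it over a handful of constructed proxy/connection log lines; the log format, the sample lines and the three confidence levels are assumptions.

```python
"""Normalize the C2 values from this report's extracted configs and run them
as indicators over constructed connection/proxy log lines.

Added example: not code from the tria.ge report nor from the malware families
themselves; the log format and the sample lines are constructed.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# C2 strings exactly as shown in the report's "Malware Config" section.
EXTRACTED_CONFIG = [
    {"family": "amadey", "version": "3.85", "c2": "77.91.68.3/home/love/index.php"},
    {"family": "smokeloader", "version": "2022", "c2": "http://77.91.68.29/fks/"},
    {"family": "redline", "botnet": "nasa", "c2": "77.91.68.68:19071"},
]

# Constructed log format (assumption): "<ts> <src> <dst> <dport> <proto> <url-or-dash>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<dport>\d+)\s+(?P<proto>\S+)\s+(?P<url>\S+)$"
)


def normalize_c2(c2):
    """Split a C2 string into (host, port, path).

    The three families store their C2 differently: Amadey as host+path with no
    scheme, SmokeLoader as a full URL, RedLine as bare host:port.  Prepending a
    scheme when one is missing lets urlsplit handle all three the same way.
    """
    if "://" not in c2:
        c2 = "http://" + c2
    u = urlsplit(c2)
    return u.hostname, u.port or 80, u.path or "/"


def build_index(configs=EXTRACTED_CONFIG):
    """Index C2 entries by host, and collect the /24 networks they live in."""
    by_host, nets = {}, set()
    for cfg in configs:
        host, port, path = normalize_c2(cfg["c2"])
        by_host.setdefault(host, []).append((cfg["family"], port, path))
        nets.add(ipaddress.ip_network(f"{host}/24", strict=False))
    return by_host, nets


def match_line(line, by_host, nets):
    """Return (confidence, family) for one log line, or None if nothing matches.

    high:   host, port and (for HTTP C2s) request path all agree with the config
    medium: host matches but port/path do not (a probe, or a different panel path)
    low:    destination only shares a /24 with a known C2; all three C2s in this
            report cluster in 77.91.68.0/24, so this is a lead worth a look
    """
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    dst, dport, url = m["dst"], int(m["dport"]), m["url"]
    path = urlsplit(url).path if url != "-" else None
    for family, port, c2_path in by_host.get(dst, []):
        if port == dport and (path is None or path.startswith(c2_path)):
            return ("high", family)
    if dst in by_host:
        return ("medium", by_host[dst][0][0])
    try:
        ip = ipaddress.ip_address(dst)
    except ValueError:
        return None
    if any(ip in n for n in nets):
        return ("low", None)
    return None


# Constructed sample log: one beacon per family, one off-path request to the
# Amadey host, one connection to a neighbour in the same /24, one unrelated.
SAMPLE_LOG = """\
2023-07-20T14:02:11Z 10.0.0.15 77.91.68.3 80 HTTP http://77.91.68.3/home/love/index.php
2023-07-20T14:02:12Z 10.0.0.15 77.91.68.29 80 HTTP http://77.91.68.29/fks/
2023-07-20T14:02:13Z 10.0.0.15 77.91.68.68 19071 TCP -
2023-07-20T14:02:14Z 10.0.0.15 77.91.68.3 80 HTTP http://77.91.68.3/favicon.ico
2023-07-20T14:02:15Z 10.0.0.15 77.91.68.99 443 TCP -
2023-07-20T14:02:16Z 10.0.0.15 142.250.74.46 443 TCP -
"""


def scan(log_text=SAMPLE_LOG, configs=EXTRACTED_CONFIG):
    """Run every line through the matcher; returns [(line_no, confidence, family)]."""
    by_host, nets = build_index(configs)
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        hit = match_line(line, by_host, nets)
        if hit:
            findings.append((n, *hit))
    return findings


if __name__ == "__main__":
    for n, conf, fam in scan():
        print(f"line {n}: {conf:6} {fam or 'same /24 as a known C2'}")
```

Run it as a script to print the findings, or call scan() from a pipeline. A destination that merely shares the /24 is only a lead, but given how tightly these three C2s cluster it is one worth following up rather than discarding.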
Targets

Target: 5e1de3c78c9ea144704f73172c376b7a50e84e179ead153fc6fa9d2e25fb9ee6 (515KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application