Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
59c1607382fbf89bf1ce30ceb0a4e1724a81c2e855e91.exe
-
Size
390KB
-
Sample
230720-k7bjqaff2v
-
MD5
2eceda61e6e0bef77aa4e2d0e99f765d
-
SHA1
05a5e56dec75029e3b8e483d649e7b5ff6f8daa2
-
SHA256
59c1607382fbf89bf1ce30ceb0a4e1724a81c2e855e91e5f12e07c396e822a01
-
SHA512
fc20de5d3d22d2f7b331aa892563cbdd0d496cbbf4004048cacc6bb0af9e45e0c0df64df3b1d19119fb5f2b1c76e773aa36e81051dab31c74e6705894b22c5d3
-
SSDEEP
6144:KNy+bnr+qp0yN90QEPnSCpusoviHGXWnzdpGWXAL6A5202cF1zV5cPMdDExP:bMruy90B/0lUDdwL6m203zVJdDExP
Static task
static1
Behavioral task
behavioral1
Sample
59c1607382fbf89bf1ce30ceb0a4e1724a81c2e855e91.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
59c1607382fbf89bf1ce30ceb0a4e1724a81c2e855e91.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
amadey
3.85
77.91.68.3/home/love/index.php
Extracted
redline
nasa
77.91.68.68:19071
-
auth_value
6da71218d8a9738ea3a9a78b5677589b
Targets
-
-
Target
59c1607382fbf89bf1ce30ceb0a4e1724a81c2e855e91.exe
-
Size
390KB
-
MD5
2eceda61e6e0bef77aa4e2d0e99f765d
-
SHA1
05a5e56dec75029e3b8e483d649e7b5ff6f8daa2
-
SHA256
59c1607382fbf89bf1ce30ceb0a4e1724a81c2e855e91e5f12e07c396e822a01
-
SHA512
fc20de5d3d22d2f7b331aa892563cbdd0d496cbbf4004048cacc6bb0af9e45e0c0df64df3b1d19119fb5f2b1c76e773aa36e81051dab31c74e6705894b22c5d3
-
SSDEEP
6144:KNy+bnr+qp0yN90QEPnSCpusoviHGXWnzdpGWXAL6A5202cF1zV5cPMdDExP:bMruy90B/0lUDdwL6m203zVJdDExP
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-