General

Target: 7bcfcd13e9b790b25691ee2cd695ee8bb2a4e0c5497450c5c09f198e197451da
Size: 515KB
Sample: 230720-ll4h2sfg4s
MD5: a05cd6b59a0aeb9a9672c0eaba048850
SHA1: de7e8a85e1517947b54643071ed0ee0ae11babff
SHA256: 7bcfcd13e9b790b25691ee2cd695ee8bb2a4e0c5497450c5c09f198e197451da
SHA512: abd43aa9283bdc2d0ae4f98a6726cae84bf3a00f93e0adf53f6ab69679442a7604abb068776e9d520eaca2d277b3839bc5766236fb05cd8f266dd97d9f97f618
SSDEEP: 12288:9MrNy90RHLe30ZnOzB/nkmzN0D1lTKxgkelccnORPXE:UyIe30ZnOzB/n5zCRlT79lVORfE
Static task: static1
Behavioral task: behavioral1
  Sample: 7bcfcd13e9b790b25691ee2cd695ee8bb2a4e0c5497450c5c09f198e197451da.exe
  Resource: win10v2004-20230703-en
Malware Config

Extracted: amadey
  Version: 3.85
  C2: 77.91.68.3/home/love/index.php

Extracted: smokeloader
  Version: 2022
  C2: http://77.91.68.29/fks/

Extracted: redline
  Botnet: nasa
  C2: 77.91.68.68:19071
  auth_value: 6da71218d8a9738ea3a9a78b5677589b
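The three extracted C2 endpoints are the actionable part of this report. The script below is an added example (not tria.ge code and not from the malware authors): it normalises the extractor strings as listed above, computes the tightest IPv4 prefix that covers all three hosts (they sit in the same small block, which is the natural pivot for a wider hunt), and runs the IOCs over a few constructed proxy/flow log lines. The log format, the placeholder `tcp://` scheme used to parse scheme-less entries, and the "same-prefix" verdict are assumptions of this example, not fields of the report.

```python
"""Hunt for the C2 endpoints extracted in this report over log lines.
Added example; not tria.ge code. Log lines below are constructed."""
import ipaddress
import re
from urllib.parse import urlsplit

# The three C2 strings exactly as the report's "Malware Config" section lists them.
EXTRACTED_C2 = {
    "amadey": "77.91.68.3/home/love/index.php",
    "smokeloader": "http://77.91.68.29/fks/",
    "redline": "77.91.68.68:19071",
}


def normalise(c2):
    """Split an extractor string into (host, port, path).

    Amadey and RedLine entries carry no scheme, so a placeholder 'tcp://'
    (assumption of this example) is prepended so urlsplit can parse them.
    Port defaults to 80 only when the entry has an explicit http:// scheme.
    """
    if "://" not in c2:
        c2 = "tcp://" + c2
    u = urlsplit(c2)
    port = u.port
    if port is None and u.scheme == "http":
        port = 80
    return u.hostname, port, u.path or "/"


def c2_network():
    """Tightest IPv4 prefix covering every extracted C2 host."""
    nets = [ipaddress.ip_network(normalise(c)[0]) for c in EXTRACTED_C2.values()]
    net = nets[0]
    while not all(n.subnet_of(net) for n in nets):
        net = net.supernet()
    return net


# Constructed log lines (not from the sandbox run); format assumed here is
# "<ts> <src> -> <dst>:<port> <verb> [<path>]"
SAMPLE_LOG = """\
2023-07-20T11:02:14Z 10.0.0.15 -> 77.91.68.3:80 POST /home/love/index.php
2023-07-20T11:02:19Z 10.0.0.15 -> 77.91.68.29:80 GET /fks/
2023-07-20T11:02:31Z 10.0.0.15 -> 77.91.68.68:19071 TCP
2023-07-20T11:03:02Z 10.0.0.22 -> 142.250.72.14:443 GET /
2023-07-20T11:03:40Z 10.0.0.31 -> 77.91.68.101:8080 GET /
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>\d+\.\d+\.\d+\.\d+):(?P<port>\d+) "
    r"(?P<verb>\S+)(?: (?P<path>\S+))?$"
)


def classify(dst, port, path):
    """Return the matching family name, 'same-prefix' for traffic into the
    C2 block that matches no exact IOC, or None for no hit."""
    for family, c2 in EXTRACTED_C2.items():
        host, c2_port, c2_path = normalise(c2)
        if dst != host:
            continue
        if c2_port is not None and port != c2_port:
            continue
        if c2_path != "/" and not (path or "").startswith(c2_path):
            continue
        return family
    if ipaddress.ip_address(dst) in c2_network():
        return "same-prefix"
    return None


def hunt(log_text):
    """Return (timestamp, source, verdict, dst:port) for every line that hits."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        verdict = classify(m["dst"], int(m["port"]), m["path"])
        if verdict:
            hits.append((m["ts"], m["src"], verdict, f"{m['dst']}:{m['port']}"))
    return hits


if __name__ == "__main__":
    print("C2 block:", c2_network())
    for hit in hunt(SAMPLE_LOG):
        print(*hit)
```

The "same-prefix" verdict is deliberately weaker than a family match: it flags the last constructed line (a host in the same block that is not one of the three listed C2s) for triage rather than as a confirmed infection, which is how a shared-hosting prefix should be treated.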
Targets

Target: 7bcfcd13e9b790b25691ee2cd695ee8bb2a4e0c5497450c5c09f198e197451da
Signatures:
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application