General
Target: 9eee7e499856768682f1beb463577ac3d88ca42d142b2e21f53ddf85969c554f
Size: 390KB
Sample: 230720-p7enlahb7t
MD5: 83dcfc8716de4a6c61ba1ddfe57a0a7f
SHA1: 6e5c04c5b704a4c2cedeb2e95f47feb3a5e6e1a3
SHA256: 9eee7e499856768682f1beb463577ac3d88ca42d142b2e21f53ddf85969c554f
SHA512: 88472924e420d46b5456adf9108fb481376c4d467823073434bd2f35d2872afda1ed3d258dd1447e198329173166e1dcbe0949ab3a590b37b661325ce9482e7a
SSDEEP: 6144:KCy+bnr+8p0yN90QECeQ0NSonpYjDSynG1xh2/jdmtq3CcHnlRH6cuy9vnkXo:eMrYy904HxVKT2aqycHnl9t79sY
Static task: static1
Behavioral task: behavioral1
Sample: 9eee7e499856768682f1beb463577ac3d88ca42d142b2e21f53ddf85969c554f.exe
Resource: win10v2004-20230703-en
Malware Config
Extracted
Family: amadey
Version: 3.85
C2: 77.91.68.3/home/love/index.php
Extracted
Family: redline
Botnet: nasa
C2: 77.91.68.68:19071
auth_value: 6da71218d8a9738ea3a9a78b5677589b
Targets
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)
- Scheduled Task/Job (1)