Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
061fbff68473494557e69bd68084ff4f553ec4955ba032ebbb47d59cf431d919
-
Size
390KB
-
Sample
230720-tgmzhahd48
-
MD5
d51a59bba0bf1e897b03c4595ba7b843
-
SHA1
c1c8f432fd637fbc7f2526db15ca909ce07fd8c0
-
SHA256
061fbff68473494557e69bd68084ff4f553ec4955ba032ebbb47d59cf431d919
-
SHA512
23777d2dfefb955b3b06ea75bc8b41a9e25c0702bb726b0c949a3a6fc222b421744b2e1f80d7518e15647eb8927b4ed23beff4e8b99a86c5b1a6c056cceb8ca9
-
SSDEEP
6144:Ksy+bnr+Wp0yN90QEDuIFoMXmy4rbhU0GtwQEsk7D7Dq5YAIKBVTxvN6FG:gMrGy90BuIDmyyNuExjDtkvTxV6FG
Static task
static1
Behavioral task
behavioral1
Sample
061fbff68473494557e69bd68084ff4f553ec4955ba032ebbb47d59cf431d919.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
amadey
3.85
77.91.68.3/home/love/index.php
Extracted
redline
nasa
77.91.68.68:19071
-
auth_value
6da71218d8a9738ea3a9a78b5677589b
Targets
-
-
Target
061fbff68473494557e69bd68084ff4f553ec4955ba032ebbb47d59cf431d919
-
Size
390KB
-
MD5
d51a59bba0bf1e897b03c4595ba7b843
-
SHA1
c1c8f432fd637fbc7f2526db15ca909ce07fd8c0
-
SHA256
061fbff68473494557e69bd68084ff4f553ec4955ba032ebbb47d59cf431d919
-
SHA512
23777d2dfefb955b3b06ea75bc8b41a9e25c0702bb726b0c949a3a6fc222b421744b2e1f80d7518e15647eb8927b4ed23beff4e8b99a86c5b1a6c056cceb8ca9
-
SSDEEP
6144:Ksy+bnr+Wp0yN90QEDuIFoMXmy4rbhU0GtwQEsk7D7Dq5YAIKBVTxvN6FG:gMrGy90BuIDmyyNuExjDtkvTxV6FG
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1