Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
072eeac1d272e9e512a2cacef8a9a3f9def1dfaf8ca9161415354995b88d12a1
-
Size
1.1MB
-
Sample
230922-g3r45aea3v
-
MD5
0ad89329839df76bb66e483ae56be239
-
SHA1
ff37f406b34e95458d08f2876243ba8b5c12a8e1
-
SHA256
072eeac1d272e9e512a2cacef8a9a3f9def1dfaf8ca9161415354995b88d12a1
-
SHA512
0bbb54b7478be71943d17f095b4743667900f0b34bc50c9627eaaf9b1db7e41ca846120476334b2ded4102ddc7fc336ec6c86a6a8fa70052adcdccf33565a824
-
SSDEEP
24576:WywuSZYDHn97qIbvtL7mqEa0WN03En97jnKD1C:lRBbvx7mqlsEn9nY
Static task
static1
Behavioral task
behavioral1
Sample
072eeac1d272e9e512a2cacef8a9a3f9def1dfaf8ca9161415354995b88d12a1.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
redline
trush
77.91.124.82:19071
-
auth_value
c13814867cde8193679cd0cad2d774be
Extracted
amadey
3.89
http://77.91.68.52/mac/index.php
http://77.91.68.78/help/index.php
-
install_dir
fefffe8cea
-
install_file
explonde.exe
-
strings_key
916aae73606d7a9e02a1d3b47c199688
Targets
-
-
Target
072eeac1d272e9e512a2cacef8a9a3f9def1dfaf8ca9161415354995b88d12a1
-
Size
1.1MB
-
MD5
0ad89329839df76bb66e483ae56be239
-
SHA1
ff37f406b34e95458d08f2876243ba8b5c12a8e1
-
SHA256
072eeac1d272e9e512a2cacef8a9a3f9def1dfaf8ca9161415354995b88d12a1
-
SHA512
0bbb54b7478be71943d17f095b4743667900f0b34bc50c9627eaaf9b1db7e41ca846120476334b2ded4102ddc7fc336ec6c86a6a8fa70052adcdccf33565a824
-
SSDEEP
24576:WywuSZYDHn97qIbvtL7mqEa0WN03En97jnKD1C:lRBbvx7mqlsEn9nY
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1