General
- Target: 8862f70691d3e4fd9993c7bec511b4829403f15fba9b7999708edc372da0103c
- Size: 134KB
- Sample: 221002-q1pewshcd4
- MD5: 0d90cd2b626eb1e2173e0a1fc07fd113
- SHA1: fbb00ad8ad06bc9286f2e49dca4d5bf1080cc23e
- SHA256: 8862f70691d3e4fd9993c7bec511b4829403f15fba9b7999708edc372da0103c
- SHA512: 4079a57b686fe5162c8cafa969469d3879196800245bc6d5f70c92d0cb8c68ca95f863debee4845a713c65c1cc94ccaab4fa32d89711fb2cc64e36b65cd3f775
- SSDEEP: 3072:F3i2EnRIZK6Su/IhB2lYAuqSoUWBSxRwge4Xfn/per:Bkw/Ij2YlqQWBEQ4f/pe
Static task: static1
Behavioral task: behavioral1
- Sample: 8862f70691d3e4fd9993c7bec511b4829403f15fba9b7999708edc372da0103c.exe
- Resource: win10-20220901-en
Malware Config
Extracted family: redline
- 80.66.87.22:80
- 80.66.87.13:80
- auth_value: 5b663effac3b92fe687f0181631eeff2
Targets
- Target: 8862f70691d3e4fd9993c7bec511b4829403f15fba9b7999708edc372da0103c
- Detects Smokeloader packer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext