General
- Target: 56ad4d7aac399dd64beaced638a6000f.exe
- Size: 470KB
- Sample: 221016-zm5pdsaccp
- MD5: 56ad4d7aac399dd64beaced638a6000f
- SHA1: 40724b8432d5a5ee18ca52645a56a80349ae5ace
- SHA256: a96519061c8c1af420d77cff87fcb88f409db5328dac7df3a91c235bc4ee5eec
- SHA512: cc6038ffd3b1eff55f18e9f37f8a277c0ab9a589b9f93c2e82c30db4773ccc7d0ce5e213adee018e6146079ced5034fbe518463c94d9b3462d84315dd3a7012b
- SSDEEP: 6144:Hhb/Jr6KmZ4hihQonw60Ub0qS0YHUkX+v0w15QHvNyu8/Z4oOffzlKOMP5FajXs:Nhr6Ktihfw663X+M6gyBzOf7+5Ej
Static task: static1
Behavioral task: behavioral1
- Sample: 56ad4d7aac399dd64beaced638a6000f.exe
- Resource: win7-20220901-en

Malware Config
Extracted: redline
- 12.10 mix
- 95.216.252.180:19924
- auth_value: 68e8cd0331889a05c2fabf0a7595d2bf
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext