Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
3f9a5a10a9cd9b9ef41da2c543c2f11b44beac341e7f55c00142f55c1570e1d3
-
Size
286KB
-
Sample
221030-ndwjkshdhq
-
MD5
143c85d79d3f859120b69fbd22bf73d0
-
SHA1
23c4c187b99af027c3ff9eb8e8f5498096a83922
-
SHA256
3f9a5a10a9cd9b9ef41da2c543c2f11b44beac341e7f55c00142f55c1570e1d3
-
SHA512
08e2b665a1bec4483703cd8e2ce1c20eced0e1e68d6e89150881d3d2743ff5eea19ea217553ca9b8a8aab7b4eac735352d470c6a22577818d55ede9df93711a1
-
SSDEEP
3072:dCGzz3UcvDLCTcKS9d5/Fj0u2SHWWxDb2oXhZj0tbbj69RaVEa0JM/h3:fUcvDLCTcKSFF0snDfXhZj0ZO9oEaO
Static task
static1
Behavioral task
behavioral1
Sample
3f9a5a10a9cd9b9ef41da2c543c2f11b44beac341e7f55c00142f55c1570e1d3.exe
Resource
win10-20220901-en
Malware Config
Extracted
redline
slovarik15btc
78.153.144.3:2510
-
auth_value
bfedad55292538ad3edd07ac95ad8952
Extracted
redline
Google2
167.235.71.14:20469
-
auth_value
fb274d9691235ba015830da570a13578
Extracted
redline
High
80.66.87.20:80
-
auth_value
e5a19803f83e644a0008c2114f6c607e
Targets
-
-
Target
3f9a5a10a9cd9b9ef41da2c543c2f11b44beac341e7f55c00142f55c1570e1d3
-
Size
286KB
-
MD5
143c85d79d3f859120b69fbd22bf73d0
-
SHA1
23c4c187b99af027c3ff9eb8e8f5498096a83922
-
SHA256
3f9a5a10a9cd9b9ef41da2c543c2f11b44beac341e7f55c00142f55c1570e1d3
-
SHA512
08e2b665a1bec4483703cd8e2ce1c20eced0e1e68d6e89150881d3d2743ff5eea19ea217553ca9b8a8aab7b4eac735352d470c6a22577818d55ede9df93711a1
-
SSDEEP
3072:dCGzz3UcvDLCTcKS9d5/Fj0u2SHWWxDb2oXhZj0tbbj69RaVEa0JM/h3:fUcvDLCTcKSFF0snDfXhZj0ZO9oEaO
-
Detect Amadey credential stealer module
-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-