Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
409cd2191cd5207704f590ca05b3ecd94bfe086f09c4aa87422e4126f04cab14
-
Size
2.4MB
-
Sample
221101-k4pbeababr
-
MD5
c1fe936433eb4be74eef3e7095f42d77
-
SHA1
b997230735a2a033647425441f908cb906047523
-
SHA256
409cd2191cd5207704f590ca05b3ecd94bfe086f09c4aa87422e4126f04cab14
-
SHA512
e33c1fec65c97cd2c5dabeb460ef83e2102201d9d9cf1c2789b7dfa65e2bb6063b927612a7bfc7eff234fc70ee14802af4fe134b8abeb00c4f6fea2adda8e7a6
-
SSDEEP
24576:cBqYYgYPXQh8RMpJRh9dM46/uN9X5koyLSAOtSL2SxgCl3RuQ55313V:cBmsIoyLSAOtSll3T
Static task
static1
Behavioral task
behavioral1
Sample
409cd2191cd5207704f590ca05b3ecd94bfe086f09c4aa87422e4126f04cab14.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
409cd2191cd5207704f590ca05b3ecd94bfe086f09c4aa87422e4126f04cab14.exe
Resource
win10-20220812-en
Malware Config
Extracted
redline
@mnogokupurbolshoykarman
77.73.134.24:80
-
auth_value
b555cfd27c33c447be45d0969d5f35d8
Targets
-
-
Target
409cd2191cd5207704f590ca05b3ecd94bfe086f09c4aa87422e4126f04cab14
-
Size
2.4MB
-
MD5
c1fe936433eb4be74eef3e7095f42d77
-
SHA1
b997230735a2a033647425441f908cb906047523
-
SHA256
409cd2191cd5207704f590ca05b3ecd94bfe086f09c4aa87422e4126f04cab14
-
SHA512
e33c1fec65c97cd2c5dabeb460ef83e2102201d9d9cf1c2789b7dfa65e2bb6063b927612a7bfc7eff234fc70ee14802af4fe134b8abeb00c4f6fea2adda8e7a6
-
SSDEEP
24576:cBqYYgYPXQh8RMpJRh9dM46/uN9X5koyLSAOtSL2SxgCl3RuQ55313V:cBmsIoyLSAOtSll3T
-
Modifies security service
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Stops running service(s)
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-