Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
f4bb81b0e4cb01d63191d35b9f534875b83c52fbb6a3e4ce46bd5ad90455d639
-
Size
322KB
-
Sample
221102-jkqjpaacb5
-
MD5
468e03b0d6f647fdcd5b106dc6867ec4
-
SHA1
170b74af5f578040b50ca88db17433b80069a045
-
SHA256
f4bb81b0e4cb01d63191d35b9f534875b83c52fbb6a3e4ce46bd5ad90455d639
-
SHA512
a77db43f5c3bae0bb77ce6805be8ce89b046b46be8555f486f0888c19dc625fe6617f1f8348e89ea004db19cab4f6ea2c5fb25ba4749f9efe8c68b85c4010dcf
-
SSDEEP
3072:PY82Ki8oFBshc5XTht6jsEnoJGDtkTp8aRhvHuzCQr6VggjcGkNIVqIZ:A82NBmuhLEnoIxa8UOZrC7ITsq4
Static task
static1
Behavioral task
behavioral1
Sample
f4bb81b0e4cb01d63191d35b9f534875b83c52fbb6a3e4ce46bd5ad90455d639.exe
Resource
win10-20220812-en
Malware Config
Extracted
redline
Google2
167.235.71.14:20469
-
auth_value
fb274d9691235ba015830da570a13578
Targets
-
-
Target
f4bb81b0e4cb01d63191d35b9f534875b83c52fbb6a3e4ce46bd5ad90455d639
-
Size
322KB
-
MD5
468e03b0d6f647fdcd5b106dc6867ec4
-
SHA1
170b74af5f578040b50ca88db17433b80069a045
-
SHA256
f4bb81b0e4cb01d63191d35b9f534875b83c52fbb6a3e4ce46bd5ad90455d639
-
SHA512
a77db43f5c3bae0bb77ce6805be8ce89b046b46be8555f486f0888c19dc625fe6617f1f8348e89ea004db19cab4f6ea2c5fb25ba4749f9efe8c68b85c4010dcf
-
SSDEEP
3072:PY82Ki8oFBshc5XTht6jsEnoJGDtkTp8aRhvHuzCQr6VggjcGkNIVqIZ:A82NBmuhLEnoIxa8UOZrC7ITsq4
-
Detect Amadey credential stealer module
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-