Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
41s -
max time network
44s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
03/11/2022, 14:32
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
General
-
Target
file.exe
-
Size
350KB
-
MD5
b211506c8e4c1d2457798fc080eb280e
-
SHA1
fabc17fa3b40c700a62e53007934265080b253a7
-
SHA256
538ef16b83a2c3ab6951f9c7d7a58ac2f491abb15f3af682eedd018956fda923
-
SHA512
bd38a2671315efcddb923630c1c254cb79b031ca747cbd04ef9191cccba2901ab92dff5b357d153a5fece5bbe9e979615821bd3bf7d43b6841dc8d1fde008438
-
SSDEEP
6144:CL4PA7EiL5OYqiLVf7vwM6FWz3f0khZlO0JnSIcL61Bbyn9Z:CLAAbgYvVf74czP0kVO0lSBGXbkZ
Malware Config
Extracted
redline
mix
193.106.191.25:47242
-
auth_value
5469d87831a100553f2f10d3aadec8bb
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 1668 file.exe 1668 file.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1668 file.exe