Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
e27ac6756cbebfb6679f7f6b8428aa24efca10a089aaf582f14b3b07ef1d044b
-
Size
7.1MB
-
Sample
221206-ez4yeahd78
-
MD5
51dae8d6208cc255aea7ad0eaba77014
-
SHA1
dd949ae42f7bc491ac29d9d68b8d12379270bb1a
-
SHA256
e27ac6756cbebfb6679f7f6b8428aa24efca10a089aaf582f14b3b07ef1d044b
-
SHA512
c3ab44e3e69e8baee8f215ab2297cab20d2fb9a56e375ae86e8e1102f7d43f683cee64bcd3bfcf59d60742bab80b371de3b18fd5519414787d1cf4eb2e992ed5
-
SSDEEP
196608:F7nmjqCE8cpmmTVPuF2O8ET7pbO0yA7GO:F7nYRE8cQmTVP2vnl7L
Static task
static1
Behavioral task
behavioral1
Sample
e27ac6756cbebfb6679f7f6b8428aa24efca10a089aaf582f14b3b07ef1d044b.exe
Resource
win7-20220812-en
Malware Config
Extracted
systembc
89.22.236.225:4193
176.124.205.5:4193
Extracted
vidar
56.1
1569
https://t.me/dishasta
https://steamcommunity.com/profiles/76561199441933804
-
profile_id
1569
Targets
-
-
Target
e27ac6756cbebfb6679f7f6b8428aa24efca10a089aaf582f14b3b07ef1d044b
-
Size
7.1MB
-
MD5
51dae8d6208cc255aea7ad0eaba77014
-
SHA1
dd949ae42f7bc491ac29d9d68b8d12379270bb1a
-
SHA256
e27ac6756cbebfb6679f7f6b8428aa24efca10a089aaf582f14b3b07ef1d044b
-
SHA512
c3ab44e3e69e8baee8f215ab2297cab20d2fb9a56e375ae86e8e1102f7d43f683cee64bcd3bfcf59d60742bab80b371de3b18fd5519414787d1cf4eb2e992ed5
-
SSDEEP
196608:F7nmjqCE8cpmmTVPuF2O8ET7pbO0yA7GO:F7nYRE8cQmTVP2vnl7L
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
.NET Reactor proctector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-