General
- Target: 7d87c4bc2f2d293c42d30b5c85b7a061.exe
- Size: 518KB
- Sample: 230209-qex5xada5v
- MD5: 7d87c4bc2f2d293c42d30b5c85b7a061
- SHA1: 4cab1a968d1e93eb0b6ec52f0df4f9d7e56029d1
- SHA256: 72fa014db49738f6ab72b7e127c30d4d15a7e6c03aaa5c3a7e06be766858a124
- SHA512: d33fb6f6dca80349b1f23f206c85d915d683ebb8d3ce9dffa1ada6e48d25d45fafb19b6692e88a1431f1926faf48bec3f64516e42fe84e9b67c30bf47764c884
- SSDEEP: 12288:JMrny90xCiQb5c+bKuZdZ3+Nxpsvka6OIOIpCNAJ:CyKCdba+nr37vP6s8CuJ
Static task
- static1
Behavioral task
- behavioral1: Sample 7d87c4bc2f2d293c42d30b5c85b7a061.exe, Resource win7-20221111-en
Behavioral task
- behavioral2: Sample 7d87c4bc2f2d293c42d30b5c85b7a061.exe, Resource win10v2004-20220812-en
Malware Config
Extracted
- redline
- romka
- 193.233.20.11:4131
- auth_value: fcbb3247051f5290e8ac5b1a841af67b
Extracted
- redline
- crypt
- 176.113.115.17:4132
- auth_value: 407e05c9b3a74d99a20f90b091547bd6
Targets
- Target: 7d87c4bc2f2d293c42d30b5c85b7a061.exe
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext