General
- Target: file.exe
- Size: 740KB
- Sample: 230210-vvt6eabh8z
- MD5: c73c104a5e0204ea08bf670d5f7e3663
- SHA1: d1dee95858bb24ab34a94d2af843ad8d3df660e1
- SHA256: 5df039faf4891909eceeb268f3fca7437eaa88c6d9c88a6d44a93d5cf7ea54ed
- SHA512: 3b67bb87e0865104d24cd09b82e4bfb576ef3e4a66976e62f07d4956c3066a480f32f6c0ba572975266fb2c8d11054b14720eba39ec661e8a3edadb43b14359c
- SSDEEP: 12288:SMr7y90TDG5Vw2tkcQiQ9hUrPDWrxeQJufF8NXon/PJbhs:VyyeVwZcQirrbmNJKqe/PRm
Static task
- static1

Behavioral task
- behavioral1: sample file.exe, resource win7-20221111-en

Behavioral task
- behavioral2: sample file.exe, resource win10v2004-20221111-en
Malware Config
Two configurations were extracted from this sample.

Extracted
- Family: amadey
- Version: 3.66
- C2: 62.204.41.4/Gol478Ns/index.php

Extracted
- Family: redline
- Botnet: dunm
- C2: 193.233.20.12:4132
- auth_value: 352959e3707029296ec94306d74e2334
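The two C2 entries above come in different shapes (a scheme-less URL with a path for Amadey, a bare host:port for RedLine), and both need to become network indicators before they are useful to a SOC. The script below is an added example, not Triage's own tooling: it normalises the extracted C2 strings into host/port/path indicators and matches them against constructed proxy/flow log lines. The log format, the hosts other than the two C2s, and the default port 80 for the path-only Amadey entry are assumptions made for the example.

```python
import ipaddress
from urllib.parse import urlsplit

# Configurations extracted by the sandbox, copied from this report.
EXTRACTED = [
    {"family": "amadey", "version": "3.66",
     "c2": "62.204.41.4/Gol478Ns/index.php"},
    {"family": "redline", "botnet": "dunm",
     "c2": "193.233.20.12:4132",
     "auth_value": "352959e3707029296ec94306d74e2334"},
]

# Constructed proxy/flow log lines for the demonstration (not from the report).
LOG_LINES = [
    "2023-02-10T18:12:03Z src=10.0.0.25 dst=62.204.41.4 dport=80 method=POST uri=/Gol478Ns/index.php",
    "2023-02-10T18:12:04Z src=10.0.0.25 dst=193.233.20.12 dport=4132 method=- uri=-",
    "2023-02-10T18:12:05Z src=10.0.0.31 dst=142.250.74.46 dport=443 method=CONNECT uri=-",
    "2023-02-10T18:12:06Z src=10.0.0.31 dst=193.233.20.12 dport=443 method=- uri=-",
]


def c2_to_indicator(family, c2, default_port=80):
    """Normalise a Triage-style C2 string into host/port/path.

    Amadey's C2 is given as a scheme-less 'host/path' URL and RedLine's as
    'host:port'. A throwaway http:// prefix lets urlsplit handle both; it
    does not claim RedLine speaks HTTP (its port is a raw TCP channel).
    The default port 80 for a path-only entry is an assumption (Amadey
    talks plain HTTP), not a value from the report.
    """
    parts = urlsplit(c2 if "://" in c2 else "http://" + c2)
    host = parts.hostname
    try:
        ipaddress.ip_address(host)
        kind = "ip"
    except ValueError:
        kind = "domain"  # a domain would be matched in DNS logs instead
    return {"family": family, "host": host, "kind": kind,
            "port": parts.port or default_port, "path": parts.path or None}


def build_indicators(configs):
    return [c2_to_indicator(cfg["family"], cfg["c2"]) for cfg in configs]


def parse_line(line):
    """Turn 'key=value' tokens into a dict; the leading timestamp has no '='."""
    fields = {}
    for tok in line.split():
        key, sep, value = tok.partition("=")
        if sep:
            fields[key] = value
    return fields


def match_logs(lines, indicators):
    """Return (line_index, family, confidence) for lines whose dst is a C2 host.

    'high' requires the port (and the URI path, when the config has one) to
    match as well; a destination-only match is reported as 'host-only', so a
    known C2 host seen on an unexpected port is still surfaced for triage
    rather than silently dropped.
    """
    hits = []
    for idx, line in enumerate(lines):
        fields = parse_line(line)
        for ind in indicators:
            if fields.get("dst") != ind["host"]:
                continue
            port_ok = fields.get("dport") == str(ind["port"])
            path_ok = ind["path"] is None or fields.get("uri") == ind["path"]
            hits.append((idx, ind["family"],
                         "high" if port_ok and path_ok else "host-only"))
    return hits


if __name__ == "__main__":
    for hit in match_logs(LOG_LINES, build_indicators(EXTRACTED)):
        print(hit)
```

Matching on the destination host alone, with port and path only raising confidence, reflects how these indicators age: RedLine panels are redeployed on new ports far more often than the host changes, and the Amadey path is specific to one panel install.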
Targets
- Target: file.exe (740KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
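Each signature above is a weak signal on its own (every installer writes a Run key), and it is the combination from one process that makes the sample look like a stealer. The script below is an added example, not part of this report or of Triage: it applies one rule per signature to constructed Sysmon-style registry and file events and scores each process by how many distinct behaviours it exhibits. The event layout, the process images, the wallet directory names and the `Control Panel\International\Geo` value assumed for the location check are all assumptions for the example, not artefacts from the report.

```python
import re
from collections import defaultdict

# Constructed Sysmon-style events for the demonstration (not from the report).
# pid 4120 plays the stealer; pid 5588 is a benign installer that also writes
# a Run key, to show why a single hit is not enough.
EVENTS = [
    {"pid": 4120, "image": r"C:\Users\u\AppData\Local\Temp\file.exe",
     "type": "RegistryQuery",
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 4120, "image": r"C:\Users\u\AppData\Local\Temp\file.exe",
     "type": "RegistryQuery",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName"},
    {"pid": 4120, "image": r"C:\Users\u\AppData\Local\Temp\file.exe",
     "type": "RegistrySetValue",
     "target": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\updater"},
    {"pid": 4120, "image": r"C:\Users\u\AppData\Local\Temp\file.exe",
     "type": "FileRead",
     "target": r"C:\Users\u\AppData\Roaming\Electrum\wallets\default_wallet"},
    {"pid": 5588, "image": r"C:\Users\u\Downloads\setup.exe",
     "type": "RegistrySetValue",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Setup"},
]

# One rule per report signature: (tag, event types it applies to, path pattern).
# Registry paths are case-insensitive on Windows, so every pattern uses re.I.
# The Geo\Nation value and the wallet directory names are assumptions about
# what each signature fires on, not paths taken from the report.
RULES = [
    ("persistence_run_key", {"RegistrySetValue"},
     re.compile(r"\\CurrentVersion\\Run\\", re.I)),
    ("software_enumeration", {"RegistryQuery"},
     re.compile(r"\\CurrentVersion\\Uninstall\\", re.I)),
    ("geo_check", {"RegistryQuery"},
     re.compile(r"\\Control Panel\\International\\Geo\\", re.I)),
    ("wallet_access", {"FileRead"},
     re.compile(r"\\(Electrum|Exodus|Ethereum)\\|\\wallet\.dat$", re.I)),
]


def tag_event(event):
    """Return the rule tags an event matches (usually zero or one)."""
    return [tag for tag, types, pattern in RULES
            if event["type"] in types and pattern.search(event["target"])]


def score_processes(events, threshold=3):
    """Group tags per process and call it stealer-like at >= threshold tags.

    A lone Run-key write is what every installer does; persistence plus a
    geofence check, software enumeration and wallet reads from the same
    process is the pattern this report's signatures describe.
    """
    per_pid = defaultdict(lambda: {"image": None, "tags": set()})
    for ev in events:
        per_pid[ev["pid"]]["image"] = ev["image"]
        per_pid[ev["pid"]]["tags"].update(tag_event(ev))
    return {pid: {"image": info["image"],
                  "tags": sorted(info["tags"]),
                  "verdict": "stealer-like" if len(info["tags"]) >= threshold else "low"}
            for pid, info in per_pid.items()}


if __name__ == "__main__":
    for pid, info in score_processes(EVENTS).items():
        print(pid, info["verdict"], info["tags"])
```

The threshold is deliberately a parameter: in an environment where software inventory agents legitimately walk the Uninstall key, a practitioner would drop that rule's weight or raise the threshold rather than accept the noise.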