General
Target: 9097957ef74a711ac6380a85776aff304b66a2555b395f012c24b8c753ec72eb.zip
Size: 111KB
Sample: 230308-ndqy4afc6t
MD5: 857eabb2c3a0a9c466c321c1161ba4df
SHA1: 3347ac5f5400a7a7e5ee430a9985527ad845630c
SHA256: 8f81aea8532fa47818298688e4e5932bdb78bf3ecaa24e3f45e7a949f05ef123
SHA512: 7bd648b4ebbcc8cac4a2c6a80ef30c90fe838d703ab4e22f622cad90edc4c7662a569e6188bfecd5f6ab5782b4be8c606731b27debde68d16b3336d780ca7c6a
SSDEEP: 3072:u0B1vUyZ70cDUJZyM+mTqyXqvGSV1tAmp9slY9:R38yjeZUoqyXqvGQGmp9OU
Behavioral task
behavioral1
Sample: 9097957ef74a711ac6380a85776aff304b66a2555b395f012c24b8c753ec72eb.exe
Resource: win7-20230220-en

Malware Config
Extracted: amadey
3.68
77.91.78.17/0jVu73d/index.php
Extracted: redline
95.216.251.184:4321
auth_value: a909e2aaecf96137978fea4f86400b9b
Targets
Target: 9097957ef74a711ac6380a85776aff304b66a2555b395f012c24b8c753ec72eb.exe
Size: 244KB
MD5: 622779b345a28c3999e46f3d5a6a5ec8
SHA1: 21a4dc3be99afa3fba8ac935edaf14e6e59e43b0
SHA256: 9097957ef74a711ac6380a85776aff304b66a2555b395f012c24b8c753ec72eb
SHA512: f1e24fa86e0421f50da47b634f3549f369604c476f42c18b692695ea44020d9b4cf8142e69752e3749317d678aac21e01eca787c2df30b134c28bf876cd79872
SSDEEP: 6144:raKMNkZYYYRHqz5yetq1+Gvuli30oU9ci68:udayF1tuli3c

- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext