General
Target: Setu_WINFile_x64x32.rar
Size: 11.9MB
Sample: 230318-24y92sea66
MD5: 51758e35b89dac420595b974d17cd3e1
SHA1: c0784ad432efa0ab92978a9050336ae27cce5c2d
SHA256: 40e2a4a10fafb03f8c2702b577cfd05de14fbdbd36d87d76c1a99cdf8e497dbb
SHA512: ac5ad08dfb75520d59e4fe8d1d21f369af1db6ee3ccb1de007e73a14e92ce5ff414464a29dc99b2021ed4c233cb606095fb6f1ea6a82074c317fbe024d2f6fe4
SSDEEP: 196608:UWdJhtu32tt4579WDlks99FjCfV5MU7c1Uj9R03pKyzxXL0rKECdn1FSYD/wUzo9:57tltt0BWDl19fE5MF1+R0FzxXAidn1G
Static task: static1
Behavioral task: behavioral1
  Sample: Setu_WINFile_x64x32/Set_WINFile_x64x32.exe
  Resource: win7-20230220-en
Malware Config
Extracted: amadey 3.68
  77.91.78.17/0jVu73d/index.php
Extracted: redline
  135.181.173.163:4323
  auth_value: a909e2aaecf96137978fea4f86400b9b
Targets
Target: Setu_WINFile_x64x32/Set_WINFile_x64x32.exe
Size: 667.6MB
MD5: 42cf398e01cf3f15dc1575bad83b703f
SHA1: d3556d724fb4fffdb256d2ceb6ae715d8663cd10
SHA256: 344e36cb4ec5e07ad74f5ee8122575f872048a698d058a9d02ffe4f15f88f810
SHA512: 8eb5b30cfb993d8bfaa8234b0f1856f81847ede0522c6cac7a2adaaaf9fb37119f7031c73a64ea6bec93aebf3695a380c38a999e7186323f2b0d6af954162d02
SSDEEP: 3072:eD6LUbp7KirwsT3cOHC4HIr0tr19ZyUa+zqBMxvKrf+LigBh2AGloxQNwed2tsp9:O6Awi0sTMOtH6crLdkWTpLedGEgGTMQt
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Drops file in Drivers directory
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext