Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
d3f3ea77ce48cf9b66dd2e067f8c7555b1b1ba5d8cb3f61a91ce68db5a8e8e7e
-
Size
1.8MB
-
Sample
230321-179dradd75
-
MD5
a631f66eb7c5e6e476ebac0baa5b0dbe
-
SHA1
3ec553f7caffff701451fad841a7b0d38f538895
-
SHA256
d3f3ea77ce48cf9b66dd2e067f8c7555b1b1ba5d8cb3f61a91ce68db5a8e8e7e
-
SHA512
57dfed65f52374400d1f3193442ed2244a6d9797f360a46ef5a998bc8c2a7b30a501f6a0ab080e60541c4f4dce8502e0992d67cb45f69324893c56832438eb45
-
SSDEEP
24576:W+NO34lJDEfZM7xOeHk/2cGxPEEeY7ucnz0cfhWjH7Ofc+HVKC7+fUi:Wy04lJR7wWk/k9eYtz0cJWj0c+3+si
Static task
static1
Behavioral task
behavioral1
Sample
d3f3ea77ce48cf9b66dd2e067f8c7555b1b1ba5d8cb3f61a91ce68db5a8e8e7e.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
d3f3ea77ce48cf9b66dd2e067f8c7555b1b1ba5d8cb3f61a91ce68db5a8e8e7e.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
mix1
80.85.156.168:20189
-
auth_value
4f9b36b8bfdf2607d3f0e623584037e2
Targets
-
-
Target
d3f3ea77ce48cf9b66dd2e067f8c7555b1b1ba5d8cb3f61a91ce68db5a8e8e7e
-
Size
1.8MB
-
MD5
a631f66eb7c5e6e476ebac0baa5b0dbe
-
SHA1
3ec553f7caffff701451fad841a7b0d38f538895
-
SHA256
d3f3ea77ce48cf9b66dd2e067f8c7555b1b1ba5d8cb3f61a91ce68db5a8e8e7e
-
SHA512
57dfed65f52374400d1f3193442ed2244a6d9797f360a46ef5a998bc8c2a7b30a501f6a0ab080e60541c4f4dce8502e0992d67cb45f69324893c56832438eb45
-
SSDEEP
24576:W+NO34lJDEfZM7xOeHk/2cGxPEEeY7ucnz0cfhWjH7Ofc+HVKC7+fUi:Wy04lJR7wWk/k9eYtz0cJWj0c+3+si
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-