General
- Target: b59ba55f69a332109ec86717660d66b7.exe
- Size: 1.6MB
- Sample: 230520-dgslzsab48
- MD5: b59ba55f69a332109ec86717660d66b7
- SHA1: 3d61511c2dd907864f790f069ba30daf8a189884
- SHA256: 9f501e75fa1f86aca08cecdd4b3fe11676a0aebac9f34cbbbfb12f43a2a075ec
- SHA512: 71ad439cc3f2e1fa6f2e836ed5eb3041415fa368f0258e2cd97cd327e480deb63b4f4679d42783abe966abb181746a039d5c5c9a65c26efb979631d4f9859370
- SSDEEP: 49152:vEnI41s0Ypl/PB5iRsxKCDXbrHxW6ON7Y3:fc+dPB5iRGd5W6C7Y3
Static task
- static1

Behavioral task
- behavioral1
- Sample: b59ba55f69a332109ec86717660d66b7.exe
- Resource: win7-20230220-en

Behavioral task
- behavioral2
- Sample: b59ba55f69a332109ec86717660d66b7.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- Family: redline
- Botnet: 5874066304_99
- C2: popshues.top:28786
- auth_value: 31adbd205862f9692bece3c6ae1bdc88
Targets
- Target: b59ba55f69a332109ec86717660d66b7.exe
- Size: 1.6MB
- MD5: b59ba55f69a332109ec86717660d66b7
- SHA1: 3d61511c2dd907864f790f069ba30daf8a189884
- SHA256: 9f501e75fa1f86aca08cecdd4b3fe11676a0aebac9f34cbbbfb12f43a2a075ec
- SHA512: 71ad439cc3f2e1fa6f2e836ed5eb3041415fa368f0258e2cd97cd327e480deb63b4f4679d42783abe966abb181746a039d5c5c9a65c26efb979631d4f9859370
- SSDEEP: 49152:vEnI41s0Ypl/PB5iRsxKCDXbrHxW6ON7Y3:fc+dPB5iRGd5W6C7Y3
Score: 10/10

Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext