Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
notifier578.exe
-
Size
1.0MB
-
Sample
230522-hekwksee82
-
MD5
ef68b88498ccb6e7b5793a8b17176c9b
-
SHA1
d37a8e99da8adbdcee4baf23f83636deae2c6328
-
SHA256
8438cd37a6e0aec36c84b4d18ce8005fe856f7b3ebd26d2de58610eab1418a14
-
SHA512
2d3f62baf691b276609e148d3a166bf1ab2772822583348dbd4fe7f6127507b691777282c1173a9eaeb42d49536f7ac36a31c4df6ab1e5030050a5530e8735c6
-
SSDEEP
24576:qyopOyTwkYuzrX5qjxUTxqmjzv2U8DEVOJ0AyS6rJPnfaRaP7Kxz4:xoYyTwh2rX5qjxUDjzeDEsD6rJPnfoKk
Static task
static1
Behavioral task
behavioral1
Sample
notifier578.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
notifier578.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
mixa
185.161.248.37:4138
-
auth_value
9d14534b25ac495ab25b59800acf3bb2
Targets
-
-
Target
notifier578.exe
-
Size
1.0MB
-
MD5
ef68b88498ccb6e7b5793a8b17176c9b
-
SHA1
d37a8e99da8adbdcee4baf23f83636deae2c6328
-
SHA256
8438cd37a6e0aec36c84b4d18ce8005fe856f7b3ebd26d2de58610eab1418a14
-
SHA512
2d3f62baf691b276609e148d3a166bf1ab2772822583348dbd4fe7f6127507b691777282c1173a9eaeb42d49536f7ac36a31c4df6ab1e5030050a5530e8735c6
-
SSDEEP
24576:qyopOyTwkYuzrX5qjxUTxqmjzv2U8DEVOJ0AyS6rJPnfaRaP7Kxz4:xoYyTwh2rX5qjxUDjzeDEsD6rJPnfoKk
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-