General
- Target: 91a0106c0b58cd6fde7a66bb181b3dbb.exe
- Size: 345KB
- Sample: 230719-v1emxaaf3s
- MD5: 91a0106c0b58cd6fde7a66bb181b3dbb
- SHA1: 17bdbdb35a47154fec7fdfc4e9f59a053e5d5d7a
- SHA256: 84843ae0e91bbacae720437937f1bcea3fcae4d9933d71a07a26a8e81479c0f0
- SHA512: de013483c8564801292d33a1103fbee5fa3ff41f21c4ddf447a870e5c1ee883bd15e95a2e7440c09b2a049e3578cec3d7f10d1182d4a30729790a1aa1ade5aab
- SSDEEP: 3072:AP2ZBBNQdf3BgVy/pC35i/fcax7YN9+SVtkwFn1oOKlOvJO2bNLg3r3XN3:zZRQN3Bg0GincaGhVtkU0sxOuq3
Static task: static1
Behavioral task: behavioral1
- Sample: 91a0106c0b58cd6fde7a66bb181b3dbb.exe
- Resource: win7-20230712-en
Malware Config
Extracted
- Family: redline
- Botnet: LogsDiller Cloud (Telegram: @logsdillabot)
- C2: 178.32.90.250:29608
- auth_value: c2955ed3813a798683a185a82e949f88
Targets
- 91a0106c0b58cd6fde7a66bb181b3dbb.exe (345KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to those listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext