Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
panel.exe
-
Size
16.4MB
-
Sample
230823-ewcdzshf82
-
MD5
1246b7d115005ce9fcc96848c5595d72
-
SHA1
fa3777c7fe670cea2a4e8267945c3137091c64b5
-
SHA256
f01393937f06be201400703d1dbfb35397c4a5162f16278ba9d9bb63ddcbcc78
-
SHA512
5bf90904cf74a8c3775498578d856dd9f4837077928cd7ce24e4a6ccec00827bcfb28c2079498ba682a4f53204d7ad2bb8de2489005c429dc968e75e26d29101
-
SSDEEP
393216:gyOsihmjY/uAKJkDk4x/aQsY3K/jRsBp:FOLhmjY/utek4x/aQsyKLuBp
Static task
static1
Malware Config
Extracted
redline
cheat
127.0.0.1:1337
Targets
-
-
Target
panel.exe
-
Size
16.4MB
-
MD5
1246b7d115005ce9fcc96848c5595d72
-
SHA1
fa3777c7fe670cea2a4e8267945c3137091c64b5
-
SHA256
f01393937f06be201400703d1dbfb35397c4a5162f16278ba9d9bb63ddcbcc78
-
SHA512
5bf90904cf74a8c3775498578d856dd9f4837077928cd7ce24e4a6ccec00827bcfb28c2079498ba682a4f53204d7ad2bb8de2489005c429dc968e75e26d29101
-
SSDEEP
393216:gyOsihmjY/uAKJkDk4x/aQsY3K/jRsBp:FOLhmjY/utek4x/aQsyKLuBp
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-