General
Target: bfe7066be5112770b1f49b37ec95872bb8c3f18097c0d6def9a3c82959a7f1ba
Size: 917KB
Sample: 231113-lf7nhscc35
MD5: 9172efa71e43f3672f9df7fe76962c51
SHA1: 19955e871d53ec6307a0b228edc8507cface8118
SHA256: bfe7066be5112770b1f49b37ec95872bb8c3f18097c0d6def9a3c82959a7f1ba
SHA512: a14498d86c8e16b69c9db05410f6b45e1c04decd8ba758a4f8f9fa1acbca8a7b77a283fd02b384174e63ada96231cba56ce84c3f5e92d2e14b22e6f093144974
SSDEEP: 24576:ByaO2Qn5gaeuIsKC/GdLYDFyzX/MRf+JS6sjnio:0am55et9EGW5uX/MRwan
Static task: static1
Behavioral task: behavioral1
Sample: bfe7066be5112770b1f49b37ec95872bb8c3f18097c0d6def9a3c82959a7f1ba.exe
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: bfe7066be5112770b1f49b37ec95872bb8c3f18097c0d6def9a3c82959a7f1ba.exe
Resource: win10-20231020-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
Target: bfe7066be5112770b1f49b37ec95872bb8c3f18097c0d6def9a3c82959a7f1ba
Size: 917KB
MD5: 9172efa71e43f3672f9df7fe76962c51
SHA1: 19955e871d53ec6307a0b228edc8507cface8118
SHA256: bfe7066be5112770b1f49b37ec95872bb8c3f18097c0d6def9a3c82959a7f1ba
SHA512: a14498d86c8e16b69c9db05410f6b45e1c04decd8ba758a4f8f9fa1acbca8a7b77a283fd02b384174e63ada96231cba56ce84c3f5e92d2e14b22e6f093144974
SSDEEP: 24576:ByaO2Qn5gaeuIsKC/GdLYDFyzX/MRf+JS6sjnio:0am55et9EGW5uX/MRwan
Signatures
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext