Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
4ecd67d9bc3094e67e8eea4047af8e2ebca2170232ba31024ef56c744aeeaa16
-
Size
892KB
-
Sample
231114-gxpf2sgg6x
-
MD5
a27be1fe1fec2a595d19eac94389df10
-
SHA1
7ab1b086110f1a655714d4ed6e6403112462146e
-
SHA256
4ecd67d9bc3094e67e8eea4047af8e2ebca2170232ba31024ef56c744aeeaa16
-
SHA512
c97b59b497a8bbbce137dcd759e3edb322d3b2e6f6ddad3838b07c0f13665e49533b5bed0e96abe65531693cf130cc2d3b65c55ba86785e0f7e947414e6409df
-
SSDEEP
24576:wy2/6LtVGaYB0XxaddJIvLuSdvdKfOE/v:3q6FidDEL7QW
Static task
static1
Behavioral task
behavioral1
Sample
4ecd67d9bc3094e67e8eea4047af8e2ebca2170232ba31024ef56c744aeeaa16.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
-
-
Target
4ecd67d9bc3094e67e8eea4047af8e2ebca2170232ba31024ef56c744aeeaa16
-
Size
892KB
-
MD5
a27be1fe1fec2a595d19eac94389df10
-
SHA1
7ab1b086110f1a655714d4ed6e6403112462146e
-
SHA256
4ecd67d9bc3094e67e8eea4047af8e2ebca2170232ba31024ef56c744aeeaa16
-
SHA512
c97b59b497a8bbbce137dcd759e3edb322d3b2e6f6ddad3838b07c0f13665e49533b5bed0e96abe65531693cf130cc2d3b65c55ba86785e0f7e947414e6409df
-
SSDEEP
24576:wy2/6LtVGaYB0XxaddJIvLuSdvdKfOE/v:3q6FidDEL7QW
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-