Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
3f46d3d7657c6346c4e31286e01f58c36e91b7b83d90bab05ce13d06bee5d4bf
-
Size
1.1MB
-
Sample
231116-nfskpscd6z
-
MD5
d7b87eeedb079ef8ecefdbe3b35ba3f0
-
SHA1
510b4f732541dc7e9de573b905d4caa06037c5e2
-
SHA256
3f46d3d7657c6346c4e31286e01f58c36e91b7b83d90bab05ce13d06bee5d4bf
-
SHA512
65274041ddf2ead4af7e1b87848ba7d4708fff97c383c7b7277b7d629b35cb3a6b8b328d13aa807e7c1856d3ca8dcae5af51b67d65cecbdef5b99800863d6e13
-
SSDEEP
24576:YyypR8zly/ndgziz1gXy5ksWJwdJKgsJl6fYKp1:fypAQnbgX2kt6fYo
Static task
static1
Behavioral task
behavioral1
Sample
3f46d3d7657c6346c4e31286e01f58c36e91b7b83d90bab05ce13d06bee5d4bf.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
redline
horda
194.49.94.152:19053
Extracted
risepro
194.49.94.152
Targets
-
-
Target
3f46d3d7657c6346c4e31286e01f58c36e91b7b83d90bab05ce13d06bee5d4bf
-
Size
1.1MB
-
MD5
d7b87eeedb079ef8ecefdbe3b35ba3f0
-
SHA1
510b4f732541dc7e9de573b905d4caa06037c5e2
-
SHA256
3f46d3d7657c6346c4e31286e01f58c36e91b7b83d90bab05ce13d06bee5d4bf
-
SHA512
65274041ddf2ead4af7e1b87848ba7d4708fff97c383c7b7277b7d629b35cb3a6b8b328d13aa807e7c1856d3ca8dcae5af51b67d65cecbdef5b99800863d6e13
-
SSDEEP
24576:YyypR8zly/ndgziz1gXy5ksWJwdJKgsJl6fYKp1:fypAQnbgX2kt6fYo
-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-