Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
SecuriteInfo.com.Trojan.PackedNET.2523.3156.15821.exe
-
Size
15.3MB
-
Sample
231120-qhsplaha71
-
MD5
ef9428407424cc578442727f6fe3bc5e
-
SHA1
ba6599fbc6a77b1973b1e1b58e2a9cb0655467c0
-
SHA256
5a4da54758f9a1a86f382cc9808e3f8e925376693555e9f834807ca352ca761c
-
SHA512
c3a2a5ee6cd269fc86a49e8c5759e24074df0321a1e40c3eff2bedabaec074c253d9a43dfe4a0bfad03f50c8a5c0b70a8151826e77877d26b4e090bcb798e8e6
-
SSDEEP
393216:CaFCt7regPFRhBfvhIq4zvAkXxj5dbwUWs6QxF6iu:RFcTP7LidzIwHTWlQxoz
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.PackedNET.2523.3156.15821.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Trojan.PackedNET.2523.3156.15821.exe
Resource
win10v2004-20231023-en
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Trojan.PackedNET.2523.3156.15821.exe
-
Size
15.3MB
-
MD5
ef9428407424cc578442727f6fe3bc5e
-
SHA1
ba6599fbc6a77b1973b1e1b58e2a9cb0655467c0
-
SHA256
5a4da54758f9a1a86f382cc9808e3f8e925376693555e9f834807ca352ca761c
-
SHA512
c3a2a5ee6cd269fc86a49e8c5759e24074df0321a1e40c3eff2bedabaec074c253d9a43dfe4a0bfad03f50c8a5c0b70a8151826e77877d26b4e090bcb798e8e6
-
SSDEEP
393216:CaFCt7regPFRhBfvhIq4zvAkXxj5dbwUWs6QxF6iu:RFcTP7LidzIwHTWlQxoz
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-