General
Target: 89cc8588fdd283d65796d258d20da78cc3e96dda70483c000ab1ff1232fa5562
Size: 1.1MB
Sample: 231121-pgmlhsed35
MD5: 70af13c890c5081da2091516841af307
SHA1: 594f38460e233676ee60e09a0e7bc6e0c4dd2428
SHA256: 89cc8588fdd283d65796d258d20da78cc3e96dda70483c000ab1ff1232fa5562
SHA512: 31104d94f244cb8ad36559f88ce9226733124cfa0db10d286c716c79794695f3e791e9e16622f8741c16c1b3982fd45bd9acf0390ea4cbb6f7f6d062ad73bd8d
SSDEEP: 24576:CyNsrxUbbGlC5nHLNyoupccfuC7Px0riP+hniTx1Ej/N5bHFIo:pNskbNxyo3jGx0g+64zND
Static task: static1
Behavioral task: behavioral1
Sample: 89cc8588fdd283d65796d258d20da78cc3e96dda70483c000ab1ff1232fa5562.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted
redline
horda
194.49.94.152:19053
Extracted
risepro
194.49.94.152
Targets
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext