General
- Target: 0f66c11b84b409c0b2ea602dc96585f2.exe
- Size: 953KB
- Sample: 231126-mgsfnagg76
- MD5: 0f66c11b84b409c0b2ea602dc96585f2
- SHA1: d96d7df17a0738060d4ddb10d50d60de5db79e02
- SHA256: ed9c56af756bffebc97edfe6ae977c42e77f5bdaeededc4a9b46186578ecdc34
- SHA512: aea094b27902a98c26ddef881356ae5498e83036eb05fa169b04efdb3d762f16b220523ca71994ecd5fbfd1d020f96b934f9027ae227e8c725ebc1f50d3b93b3
- SSDEEP: 24576:AyGNQR5BuiZHHXPWFVS252rjBGS8Y5v69Nw2:HUm0iNXPCV6ISy9Nw
Static task: static1
Behavioral task: behavioral1
- Sample: 0f66c11b84b409c0b2ea602dc96585f2.exe
- Resource: win10v2004-20231020-en
Malware Config
- Extracted: redline
  - Botnet: horda
  - C2: 194.49.94.152:19053
- Extracted: risepro
  - C2: 194.49.94.152
Targets
- Target: 0f66c11b84b409c0b2ea602dc96585f2.exe
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext