Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Behavioral task
behavioral1
Sample
3888-2460-0x0000000000140000-0x000000000017C000-memory.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
3888-2460-0x0000000000140000-0x000000000017C000-memory.exe
Resource
win10v2004-20231130-en
General
-
Target
3888-2460-0x0000000000140000-0x000000000017C000-memory.dmp
-
Size
240KB
-
MD5
eb34c72496a649c12ecfeae61244611f
-
SHA1
4b757eaf822fe138822d23b06e344bbc5be0f6f4
-
SHA256
265e0c51dc90c6f6d911a324a26cb4a2da10b6c4f9c89df8ca3725ef3ba9ac6f
-
SHA512
3320353e9fab3c8d12bad3493c7d5d2273c6292765585f0573dd89040d90a98be844cb2c368e57f3f265e47537a644149e28d12626fb1cf947a9b6f9c9ee5302
-
SSDEEP
6144:tC4gdz070NgcoTrFzO2DzzzzzzHLzzzzzzzrzzzzzzzzzzzzzDzzzzzzL7z30yfE:pO5NgcoTrp9LrorsI
Malware Config
Extracted
redline
LiveTraffic
77.105.132.87:6731
Signatures
-
RedLine payload 1 IoCs
resource yara_rule sample family_redline -
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3888-2460-0x0000000000140000-0x000000000017C000-memory.dmp
Files
-
3888-2460-0x0000000000140000-0x000000000017C000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 176KB - Virtual size: 175KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ