General
Target: 005453fd6cf9cb6729231f920a3bb7d9
Size: 625KB
Sample: 231229-wz7sqshddj
MD5: 005453fd6cf9cb6729231f920a3bb7d9
SHA1: def31d858156623f6bf41f6b7e1f3acdec810361
SHA256: b457dd4a687c867a8d664eb9d1200e3a78f7dc48c96d4da5a5b8247954011b42
SHA512: cf1e593f638e0c080caccbe8f14b2eeca8e22bcb01b95437171e22772d3c0ce70e8f979a891fa64f80e40ed123bc8a20329b9d1264be6b6670a8fe7012766003
SSDEEP: 12288:zgvDXFxC7b94xV+1XGoODYOqvG3YqBxGmZjLhxTQUZWqYqEsYh19zki6p:zgJS99ODn
Static task: static1
Behavioral task: behavioral1
Sample: 005453fd6cf9cb6729231f920a3bb7d9.exe
Resource: win7-20231215-en
Malware Config
Extracted
Family: redline
Botnet: 31.08
C2: 95.181.152.47:15089
Extracted
Family: redline
(second extraction: the decoded output is undecodable binary data and yields no usable configuration fields)
Targets
Target: 005453fd6cf9cb6729231f920a3bb7d9 (625KB; same hashes as listed under General)
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
SectopRAT payload
Suspicious use of SetThreadContext
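The "Suspicious use of SetThreadContext" signature fires because SetThreadContext is the step that redirects a suspended child's entry point after a payload has been written into it, which is the classic process-hollowing sequence (CreateProcess with CREATE_SUSPENDED, WriteProcessMemory into the child, SetThreadContext, ResumeThread). The following is an added example, not tria.ge's own detection logic: it runs that ordered-sequence check over an API-call trace. The trace format (one call per line, `pid<TAB>api<TAB>key=value ...`) and every line in SAMPLE_TRACE are constructed for illustration; the pids, paths and addresses are not from this report.

```python
"""Flag process-hollowing style API sequences in a sandbox API-call trace.

Added example for this report page. The trace format is a constructed
illustration (pid<TAB>api<TAB>key=value ...), not tria.ge's export format.
"""
import re

CREATE_SUSPENDED = 0x00000004

# The ordered stages that must all occur, from one source pid against one
# target pid, before the pair is reported. NtUnmapViewOfSection/VirtualAllocEx
# are deliberately not required: injection into a suspended child without
# unmapping the original image is common and must still be caught.
STAGES = ("create_suspended", "write_memory", "set_context", "resume")

API_STAGES = {
    "WriteProcessMemory": "write_memory",
    "NtWriteVirtualMemory": "write_memory",
    "SetThreadContext": "set_context",
    "NtSetContextThread": "set_context",
    "ResumeThread": "resume",
    "NtResumeThread": "resume",
}

# Constructed sample trace. 1234 hollows its child 2468; 5678 starts a child
# suspended and resumes it without writing to it (benign); 9012 calls
# SetThreadContext on itself with no suspended child involved (benign).
SAMPLE_TRACE = """\
1234\tCreateProcessW\tapp=C:\\sandbox\\host.exe flags=0x00000004 child=2468
1234\tNtUnmapViewOfSection\ttarget=2468 base=0x00400000
1234\tVirtualAllocEx\ttarget=2468 addr=0x00400000 size=0x0009c000 protect=0x40
1234\tWriteProcessMemory\ttarget=2468 addr=0x00400000 size=0x200
1234\tWriteProcessMemory\ttarget=2468 addr=0x00401000 size=0x9a000
1234\tSetThreadContext\ttarget=2468 eax=0x00412f3c
1234\tResumeThread\ttarget=2468
5678\tCreateProcessW\tapp=C:\\sandbox\\helper.exe flags=0x00000004 child=5690
5678\tResumeThread\ttarget=5690
9012\tSetThreadContext\ttarget=9012 eip=0x00401000
"""


def parse_line(line):
    """Parse 'pid<TAB>api<TAB>k=v k=v ...' into (pid, api, {k: v})."""
    pid, api, rest = line.split("\t", 2)
    args = dict(re.findall(r"(\w+)=(\S+)", rest))
    return int(pid), api, args


def stage_for(api, args):
    """Map one call to (stage, target_pid), or None if it is not part of the pattern."""
    if api in ("CreateProcessA", "CreateProcessW", "CreateProcessInternalW"):
        flags = int(args.get("flags", "0"), 0)
        if flags & CREATE_SUSPENDED:
            return "create_suspended", int(args["child"])
        return None
    stage = API_STAGES.get(api)
    if stage is None or "target" not in args:
        return None
    return stage, int(args["target"])


def detect_hollowing(trace):
    """Return [(source_pid, target_pid, [apis...])] for every (source, target)
    pair that went through all STAGES in order. Repeated stages (several
    WriteProcessMemory calls) are allowed; a ResumeThread that arrives before
    the sequence completes resets the pair, since that is a normal suspended
    start rather than an injection."""
    progress, seen, findings = {}, {}, []
    for line in trace.splitlines():
        if not line.strip():
            continue
        src, api, args = parse_line(line)
        hit = stage_for(api, args)
        if hit is None:
            continue
        stage, target = hit
        key = (src, target)
        if stage == "create_suspended":
            progress[key], seen[key] = 1, [api]
            continue
        expected = progress.get(key)
        if expected is None:
            continue  # no suspended create for this pair: out of scope
        idx = STAGES.index(stage)
        if idx == expected:
            progress[key] = expected + 1
            seen[key].append(api)
        elif idx < expected:
            seen[key].append(api)  # repeat of an earlier stage, e.g. second write
        elif stage == "resume":
            del progress[key], seen[key]  # resumed before injection completed
        if progress.get(key) == len(STAGES):
            findings.append((src, target, seen.pop(key)))
            del progress[key]
    return findings


if __name__ == "__main__":
    for src, target, apis in detect_hollowing(SAMPLE_TRACE):
        print(f"pid {src} -> pid {target}: {' > '.join(apis)}")
```

Keying state on the (source, target) pair matters: a single loader that starts several children, or a legitimate debugger that calls SetThreadContext on its own threads, must not be conflated with the one child that was actually written to and redirected.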