Analysis
max time kernel: 149s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16/03/2024, 04:52
Static task: static1 (1 signatures)
Behavioral task: behavioral1
Sample: cd26d1159f20d37cca1aa22af82cf6a3.exe
Resource: win7-20240221-en
4 signatures
150 seconds
General
Target: cd26d1159f20d37cca1aa22af82cf6a3.exe
Size: 309KB
MD5: cd26d1159f20d37cca1aa22af82cf6a3
SHA1: f24612e9ae118b4a885c3983022d33da0009a70a
SHA256: 5d7e056cab62d45da796272f782b92fdba8c38827e678fa1273c0ccb71aa6d83
SHA512: 171da49fd4d34e07bd50c46f27b08d1fb96f4d65706fee68ac76c7ab068c89cefa0a97034b4d8a2bc326174ead329a009ad94993d782e2bf5e3e291f7a32d515
SSDEEP: 6144:KhLDRPVxtbyDT9B70uWaHfwkLhpgsgFVg8FY6xA:Khvdt+70u/H5S4
Malware Config
Extracted
Family: redline
Botnet: zaliv
C2: 185.244.216.219:33828
Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload (2 IoCs)
resource: behavioral2/memory/1624-3-0x0000000003D10000-0x0000000003D36000-memory.dmp | yara_rule: family_redline
resource: behavioral2/memory/1624-7-0x0000000003EE0000-0x0000000003F04000-memory.dmp | yara_rule: family_redline

SectopRAT payload (4 IoCs)
resource: behavioral2/memory/1624-3-0x0000000003D10000-0x0000000003D36000-memory.dmp | yara_rule: family_sectoprat
resource: behavioral2/memory/1624-5-0x0000000003F30000-0x0000000003F40000-memory.dmp | yara_rule: family_sectoprat
resource: behavioral2/memory/1624-7-0x0000000003EE0000-0x0000000003F04000-memory.dmp | yara_rule: family_sectoprat
resource: behavioral2/memory/1624-9-0x0000000003F30000-0x0000000003F40000-memory.dmp | yara_rule: family_sectoprat