Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

SecuriteIn...71.exe

windows7-x64

1

SecuriteIn...71.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Heur.MSIL.Pretoria.1.29115.19571.exe

  • Size

    1.4MB

  • Sample

    240404-18g1wsbe41

  • MD5

    d492e1fdbf9afc9ea10d4fdfe6981872

  • SHA1

    fde552ecca6352347027e74b27f25623b3b95e3f

  • SHA256

    fe3a180c6f2b60573884dffd9ed91d858fc7c98fecf98218fd1d9e51256734b0

  • SHA512

    98278857ac5a82f7073fb077fea797aaab2467f5ffd213a09d4c003d18be0a5e21de961fd09138c59ea7347143bad096099a28ef24b83132604291fc3f136f72

  • SSDEEP

    24576:GvPqS8a8+xHGokgzo1lMATzJWCMkoXSFqnVM9bnaXc:yn8ax4gcLMARziv

Score
10/10
redlinezgratbootkitinfostealerpersistenceratspyware

Malware Config

Targets

    • Target

      SecuriteInfo.com.Heur.MSIL.Pretoria.1.29115.19571.exe

    • Size

      1.4MB

    • MD5

      d492e1fdbf9afc9ea10d4fdfe6981872

    • SHA1

      fde552ecca6352347027e74b27f25623b3b95e3f

    • SHA256

      fe3a180c6f2b60573884dffd9ed91d858fc7c98fecf98218fd1d9e51256734b0

    • SHA512

      98278857ac5a82f7073fb077fea797aaab2467f5ffd213a09d4c003d18be0a5e21de961fd09138c59ea7347143bad096099a28ef24b83132604291fc3f136f72

    • SSDEEP

      24576:GvPqS8a8+xHGokgzo1lMATzJWCMkoXSFqnVM9bnaXc:yn8ax4gcLMARziv

    Score
    10/10
    redlinezgratbootkitinfostealerpersistenceratspyware

    • Detect ZGRat V1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks