Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
SecuriteInfo.com.Heur.MSIL.Pretoria.1.29115.19571.exe
-
Size
1.4MB
-
Sample
240404-18g1wsbe41
-
MD5
d492e1fdbf9afc9ea10d4fdfe6981872
-
SHA1
fde552ecca6352347027e74b27f25623b3b95e3f
-
SHA256
fe3a180c6f2b60573884dffd9ed91d858fc7c98fecf98218fd1d9e51256734b0
-
SHA512
98278857ac5a82f7073fb077fea797aaab2467f5ffd213a09d4c003d18be0a5e21de961fd09138c59ea7347143bad096099a28ef24b83132604291fc3f136f72
-
SSDEEP
24576:GvPqS8a8+xHGokgzo1lMATzJWCMkoXSFqnVM9bnaXc:yn8ax4gcLMARziv
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Heur.MSIL.Pretoria.1.29115.19571.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Heur.MSIL.Pretoria.1.29115.19571.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Heur.MSIL.Pretoria.1.29115.19571.exe
-
Size
1.4MB
-
MD5
d492e1fdbf9afc9ea10d4fdfe6981872
-
SHA1
fde552ecca6352347027e74b27f25623b3b95e3f
-
SHA256
fe3a180c6f2b60573884dffd9ed91d858fc7c98fecf98218fd1d9e51256734b0
-
SHA512
98278857ac5a82f7073fb077fea797aaab2467f5ffd213a09d4c003d18be0a5e21de961fd09138c59ea7347143bad096099a28ef24b83132604291fc3f136f72
-
SSDEEP
24576:GvPqS8a8+xHGokgzo1lMATzJWCMkoXSFqnVM9bnaXc:yn8ax4gcLMARziv
-
Detect ZGRat V1
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-