Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
7s -
max time network
0s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
21/05/2024, 09:51
Behavioral task
behavioral1
Sample
XcHvYYrNa.exe
Resource
win7-20240221-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
XcHvYYrNa.exe
Resource
win10v2004-20240508-en
2 signatures
150 seconds
General
-
Target
XcHvYYrNa.exe
-
Size
300KB
-
MD5
b9a421c6f519b309d05149b5388debc6
-
SHA1
f713cef1b438bc65d33ff7c1532b9ac4f9cd9fa2
-
SHA256
9eff518a31a5ca6d372d8c2e60820b3b014e884da27c4ce7482fefc9b80d4b7f
-
SHA512
25fb917f01e6b2543c47a25561e6ff2f15fe304558281e52694ed26ff046b8fcf74f9a2e023dca41b2f7ceae1349d48ed4cfabe93b9c69582be9c290218acbd6
-
SSDEEP
3072:ycZqf7D34Tp/0+mAWkyYHcQQg3/B1fA0PuTVAtkxz93REeqiOL2bBOA:ycZqf7DItnzXvB1fA0GTV8kHsL
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
SolaraHacked
C2
127.0.0.1:4444
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
resource yara_rule behavioral1/memory/1728-1-0x0000000000DD0000-0x0000000000E22000-memory.dmp family_redline