Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
6bc77deea74bc979a027e31d1a3afb594417c8fc366626f538b64a26d6f29fff
-
Size
482KB
-
Sample
240707-tqnmdsxeka
-
MD5
a8f7b3983a78d7d80e23f611b6abdcee
-
SHA1
a7ad42f1777735581e1adeadefcdfd45c4d92162
-
SHA256
6bc77deea74bc979a027e31d1a3afb594417c8fc366626f538b64a26d6f29fff
-
SHA512
5af20833a07fd610d0f70ca92b8687415b9ed7bd9b8c1c1b2c9d959da73bb085122295e3ba1d7a0a36d14aa8264b95262f66fcc22f4ea18384645768834e5830
-
SSDEEP
12288:m5V2qPu7Ja0ApqVhnKrJAJIwjZfnhBr1klpbIoWSiwPm5sb9OGu46HDsKQefaur+:tqPuU1x
Static task
static1
Behavioral task
behavioral1
Sample
6bc77deea74bc979a027e31d1a3afb594417c8fc366626f538b64a26d6f29fff.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
6bc77deea74bc979a027e31d1a3afb594417c8fc366626f538b64a26d6f29fff.exe
Resource
win10v2004-20240704-en
Malware Config
Extracted
redline
@nmrzv88
94.228.166.68:80
Targets
-
-
Target
6bc77deea74bc979a027e31d1a3afb594417c8fc366626f538b64a26d6f29fff
-
Size
482KB
-
MD5
a8f7b3983a78d7d80e23f611b6abdcee
-
SHA1
a7ad42f1777735581e1adeadefcdfd45c4d92162
-
SHA256
6bc77deea74bc979a027e31d1a3afb594417c8fc366626f538b64a26d6f29fff
-
SHA512
5af20833a07fd610d0f70ca92b8687415b9ed7bd9b8c1c1b2c9d959da73bb085122295e3ba1d7a0a36d14aa8264b95262f66fcc22f4ea18384645768834e5830
-
SSDEEP
12288:m5V2qPu7Ja0ApqVhnKrJAJIwjZfnhBr1klpbIoWSiwPm5sb9OGu46HDsKQefaur+:tqPuU1x
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Power Settings
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
Suspicious use of SetThreadContext
-