General
- Target: FireyYoy.zip
- Size: 5.5MB
- Sample: 240714-gc6vla1clb
- MD5: 8f4bae7500e656c693398bf8b351ec5e
- SHA1: 9b0be4cb58a6f1ab0b07c345bfe5925dfb8af61e
- SHA256: 18bc7eedbc38c08acd67766fdb5b10a363ccf3a7a806837d25d9297a4b765c65
- SHA512: 4413c1bd3236070032d9254450a2b566468b0e0b41289813b3648ccabe76ccb9d77a33913babee866d6280574776d974556663dd2b7712d3f117e1b59cab7cef
- SSDEEP: 98304:/aTkBf/5m4ZHHZfCZOuvaaf1fZGsPpRui+zVvM7Qoucb3/XBOd8f15GT+niuvxQb:kk1ZH5fCZSaf7pRuiivYiA3/XAd8f15+
Static task
- static1

Behavioral tasks
- behavioral1: Sample ExtremeHeatV1.exe, Resource win7-20240708-en
- behavioral2: Sample ExtremeHeatV1.exe, Resource win10v2004-20240709-en
- behavioral3: Sample ExtremeHeatV2.exe, Resource win7-20240704-en
- behavioral4: Sample ExtremeHeatV2.exe, Resource win10v2004-20240709-en
Malware Config
- Extracted: redline
- 185.196.9.26:6302
Targets

Target: ExtremeHeatV1.exe
- Size: 1.8MB
- MD5: 21b1abb89858efc1d5e208809bc05484
- SHA1: 3500a0d0bcb31bcd272ce12aea424d640bdd457e
- SHA256: 1cd69c6b0dfd033c9867aed55f5ce4fb493dca2196749bd4b17377d85c880030
- SHA512: edd390234dbab5b81296f01212d71b7f68e6607feee9d8ddde151800a94c1fa2a5126ef5e5cec9e0b68d73b535c41d4343961f89fa0b34d23098dd1cf5588d5b
- SSDEEP: 49152:nI7FaW6jNfNXixBuw+azvycdQNkLuJtSviz+NaHD4EpMriA4tfa+cahYdVqm5RTU:n
- Score: 7/10
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext

Target: ExtremeHeatV2.exe
- Size: 1.4MB
- MD5: ed01f3cf478e4790181271c5a3b7109c
- SHA1: ddb9fe7c5d9dc6d80408db79ae7375740d834d6d
- SHA256: a16cca79c64623d15ccbaa9a0a93e9bcb61e6b08a19fb7137bd03a5f6ba24ec4
- SHA512: 2639186903f366e744b77c038e4b6c06f5f482bf1b4ad6d8170fd7fd8a17e7d36d75bf19428125ef030cc4daa90b6f96793a082f175ff28c0a3493237526e844
- SSDEEP: 24576:o/+kQajiTaN0UsfjTcYZqMZQx/OkmuRgsOK1pf/OGQdZUkWNN:nkC0MZQx/OkmuRgsOK1pf/OGQdZUkWNN
- Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext