General
- Target: 127f004aa520d389ab754125c7d87370324268d4f69564e9007f38496bceb8a6.exe
- Size: 556KB
- Sample: 240726-sseltswckn
- MD5: f0069a191eadd5025d83987fea4f30a2
- SHA1: c7d36631d43d029554434fa85607fab7c9a7f45a
- SHA256: 127f004aa520d389ab754125c7d87370324268d4f69564e9007f38496bceb8a6
- SHA512: e820f2595e7d389794ef0ebd1b6606c0093085c745d7009831006e267ba316af1aae4fcf5868d1d3d23d5adb16570ab4c06c54997e1b13082eb538b98e73853d
- SSDEEP: 12288:nglfloOJRYWq9DcElgYP4krKTIG/YZRIIhqsDGK30oQup4AHz:etoOJbWcIgYgkWZYL9tkqnz
Static task: static1
Behavioral task: behavioral1
- Sample: 127f004aa520d389ab754125c7d87370324268d4f69564e9007f38496bceb8a6.exe
- Resource: win7-20240708-en
Malware Config
- Extracted: redline
- Roly
- 91.92.248.117:65012
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Command and Scripting Interpreter: PowerShell. Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings. Looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext