General

Target: 920c83427ee1c2fbca5ba133cd0a81e0N.exe
Size: 312KB
Sample: 240814-kqpp1sshpa
MD5: 920c83427ee1c2fbca5ba133cd0a81e0
SHA1: a80c9af32fde695b69d796480aa745a5980ff21b
SHA256: 4ece875dbe10d89c3d1607e04761ed621a00eaa2a42ec6296f9074355abf2264
SHA512: b3b1346884c35bbbd1a05328cca13bdc1611ee202c51d279518c7107faa6ffb67396c4615b77d68cb7a769fd6ca16496cef87c5e3b167416f015e37df07c8548
SSDEEP: 6144:GMfvtBFDroOhihDABtLQZu+Uu4+t9ku4jHDdwhnpTa7bL2S/cNVHJS0B0iiARo:GwBFDzMhFs/+yjHR89az2fNVHJP+it
Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: 920c83427ee1c2fbca5ba133cd0a81e0N.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 920c83427ee1c2fbca5ba133cd0a81e0N.exe
  Resource: win10v2004-20240802-en
Malware Config

Extracted family: redline
Botnet: @exelzt
C2: 185.215.113.22:80
Targets

Target: 920c83427ee1c2fbca5ba133cd0a81e0N.exe
Size: 312KB
MD5: 920c83427ee1c2fbca5ba133cd0a81e0
SHA1: a80c9af32fde695b69d796480aa745a5980ff21b
SHA256: 4ece875dbe10d89c3d1607e04761ed621a00eaa2a42ec6296f9074355abf2264
SHA512: b3b1346884c35bbbd1a05328cca13bdc1611ee202c51d279518c7107faa6ffb67396c4615b77d68cb7a769fd6ca16496cef87c5e3b167416f015e37df07c8548
SSDEEP: 6144:GMfvtBFDroOhihDABtLQZu+Uu4+t9ku4jHDdwhnpTa7bL2S/cNVHJS0B0iiARo:GwBFDzMhFs/+yjHR89az2fNVHJP+it
Signatures

RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Credentials from Password Stores: Credentials from Web Browsers: malicious access to, or copy of, a web browser credential store.
Accesses cryptocurrency files/wallets: possible credential harvesting.
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Defense Evasion
  Modify Registry (1)
  Subvert Trust Controls (1)
  Install Root Certificate (1)
Credential Access
  Credentials from Password Stores (1)
  Credentials from Web Browsers (1)
  Unsecured Credentials (2)
  Credentials In Files (2)