General

  • Target

    253dac045440d4f57c049b87c90f3665c7bb26f8822e71d2b512f4b7f31fc3c0

  • Size

    3.6MB

  • Sample

    241108-wkrg7syqhr

  • MD5

    77526e613ea288bb1d71984839242425

  • SHA1

    358c9deda98ef5c705447d6272711a7f23860a59

  • SHA256

    253dac045440d4f57c049b87c90f3665c7bb26f8822e71d2b512f4b7f31fc3c0

  • SHA512

    909566f561c332c982df8fbb7fc2f1734eeac7741685948bc67ca9a8ba2e1c93419ceae15775fff6e45e0af24c98e507d5e8b54578a22bc7961f25c1ed7d00e7

  • SSDEEP

    98304:bVMx9l4O6n0g0tvKmzqdpUV901+ShY5Bk1NtVlB:Cp4O6nKzk5hkWvt7B

Malware Config

Extracted

Family

redline

Botnet

ws-19

C2

38.91.100.57:32750

Attributes
  • auth_value

    b8974207e31b05e60d39e04eba8eeb0b
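The hashes and the extracted C2 above are the indicators an analyst takes away from this report. The following is an added example (not part of the report, nor tooling from tria.ge) that turns them into a small matcher: it recomputes the digest set the report lists for a file, and scans line-delimited JSON events for the sample's SHA256 values and the RedLine C2 endpoint. The event format and the log lines are constructed for illustration; only the hash values and the C2 address come from the report.

```python
"""IOC matcher built from the indicators in this report."""
import hashlib
import json
from typing import Dict, Iterable, List

# Indicators taken from the report above.
IOC_HASHES = {
    "253dac045440d4f57c049b87c90f3665c7bb26f8822e71d2b512f4b7f31fc3c0",  # submitted sample
    "078bbd30cad5587f8dcde105e04046cc56f8d3cef527993faec4341920e6a8eb",  # WhatsApp-cleaned.bin
}
IOC_C2 = {("38.91.100.57", 32750)}           # extracted RedLine C2 (ip, port)
IOC_C2_IPS = {ip for ip, _ in IOC_C2}        # for lower-confidence ip-only hits


def file_hashes(data: bytes) -> Dict[str, str]:
    """Digest set the report lists, minus ssdeep (needs a third-party library)."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def hash_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Same digests for a file on disk, read in chunks so large samples are fine."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_event(event: dict) -> List[str]:
    """Return the IOC hits for one event (constructed Sysmon-like dict)."""
    hits = []
    sha256 = str(event.get("sha256", "")).lower()
    if sha256 in IOC_HASHES:
        hits.append(f"hash:{sha256[:12]}")
    dst_ip, dst_port = event.get("dst_ip"), event.get("dst_port")
    if (dst_ip, dst_port) in IOC_C2:
        hits.append(f"c2:{dst_ip}:{dst_port}")
    elif dst_ip in IOC_C2_IPS:
        # Same host, different port: worth a look, but not the configured C2.
        hits.append(f"c2_ip_only:{dst_ip}")
    return hits


def scan(lines: Iterable[str]) -> List[dict]:
    """Scan line-delimited JSON events; malformed lines are skipped."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        hits = match_event(event)
        if hits:
            alerts.append({"pid": event.get("pid"), "hits": hits})
    return alerts


# Constructed sample events (not from the report): one execution of the
# extracted payload, its C2 connection, an unrelated connection to the same
# host, and a benign process.
SAMPLE_LOG = """
{"event": "process_create", "pid": 4120, "image": "WhatsApp-cleaned.bin", "sha256": "078bbd30cad5587f8dcde105e04046cc56f8d3cef527993faec4341920e6a8eb"}
{"event": "network_connect", "pid": 4120, "dst_ip": "38.91.100.57", "dst_port": 32750}
{"event": "network_connect", "pid": 880, "dst_ip": "38.91.100.57", "dst_port": 443}
{"event": "process_create", "pid": 5000, "image": "explorer.exe", "sha256": "0000000000000000000000000000000000000000000000000000000000000000"}
"""

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG.splitlines()):
        print(alert)
```

To confirm a downloaded copy is the file this report describes, compare `hash_file(path)["sha256"]` against the SHA256 under General; the ip-only branch exists because RedLine operators move ports on the same host more often than they move hosts, so an exact port match should not be the only thing you alert on.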

Targets

    • Target

      WhatsApp-cleaned.bin

    • Size

      3.9MB

    • MD5

      eb98e1dcc374d67e71a85ecc848034ec

    • SHA1

      002409d45df360fb9902fb60bb316a863c735aa2

    • SHA256

      078bbd30cad5587f8dcde105e04046cc56f8d3cef527993faec4341920e6a8eb

    • SHA512

      1f168da8f33084c04d7963528bd29fcd81cb6b7e63534096053b1726ebd33b417f4089c16884e1e9d6e4a055c298ccea1f0d22f7970ff951d63efcd4e7f8b76d

    • SSDEEP

      98304:oCDnyTWzDCidsFXGAtljN36bZfRE7Rtc/vNK3egPJ:o2qM+idivVNKbZfREVtc0PJ

    • Detect ZGRat V2

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Zgrat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Suspicious use of SetThreadContext
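The "Checks computer location settings" signature only says the sample reads the configured country code from the registry. The following is an added example (not code from the report or from the malware) that shows which per-user locale values such a check can draw on, and why a sandbox that only changes the display language may still be fenced out. The registry paths, the GeoID table and the block list are assumptions made for the example; the report does not state which values this sample reads or which countries it avoids.

```python
"""Evaluate a registry-based locale geofence against a Windows user profile."""
import sys
from typing import Dict, Set

# Assumption: well-known per-user locale values under HKEY_CURRENT_USER.
INTERNATIONAL_KEY = r"Control Panel\International"   # LocaleName, sCountry
GEO_KEY = r"Control Panel\International\Geo"          # Nation = Windows GeoID

# Partial Windows GeoID -> ISO 3166-1 alpha-2 table, only the entries used here.
GEOID_TO_ISO = {"244": "US", "203": "RU", "241": "UA", "242": "GB", "94": "DE"}


def read_locale_from_registry() -> Dict[str, str]:
    """Read the live values on a Windows analysis VM (raises elsewhere)."""
    if sys.platform != "win32":
        raise OSError("the registry is only available on Windows")
    import winreg
    values: Dict[str, str] = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, INTERNATIONAL_KEY) as key:
        for name in ("LocaleName", "sCountry"):
            try:
                values[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, GEO_KEY) as key:
        try:
            values["Nation"] = winreg.QueryValueEx(key, "Nation")[0]
        except FileNotFoundError:
            pass
    return values


def country_codes(values: Dict[str, str]) -> Set[str]:
    """Every ISO country code the locale values imply; they can disagree."""
    codes: Set[str] = set()
    locale = values.get("LocaleName", "")
    if "-" in locale:
        codes.add(locale.rsplit("-", 1)[1].upper())   # "ru-RU" -> "RU"
    nation = values.get("Nation")
    if nation in GEOID_TO_ISO:
        codes.add(GEOID_TO_ISO[nation])
    return codes


def geofence_blocks(values: Dict[str, str], blocked: Set[str]) -> bool:
    """True if any locale signal is in the block list, i.e. a sample with such
    a check would refuse to run on this profile."""
    return bool(country_codes(values) & blocked)


if __name__ == "__main__":
    # Constructed profile: language switched to en-US, GeoID left at Russia.
    profile = {"LocaleName": "en-US", "sCountry": "United States", "Nation": "203"}
    print(country_codes(profile), geofence_blocks(profile, {"RU", "UA"}))
```

On the analysis VM, feed `read_locale_from_registry()` into `geofence_blocks` with the country set you suspect; if the result differs between `LocaleName` and `Geo\Nation`, the sample's behaviour will depend on which value it actually reads, which is what to look for in the trace around the registry query.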

MITRE ATT&CK Enterprise v15

Tasks
