General
Target: 1f63d7b1fc905bcef2d468fd52e37515d568fbd0d9656c62cd9eda173f21f4e4
Size: 275KB
Sample: 220919-yc52qsedh3
MD5: e5ad0581866dbb7f3f3da091adfb722e
SHA1: 2a4afa15b8589c7af2993188e67b6e4dec70c287
SHA256: 1f63d7b1fc905bcef2d468fd52e37515d568fbd0d9656c62cd9eda173f21f4e4
SHA512: 4c7c58df3321e3ce62992c51166d07bfca86b871c9e338398d62da21fbfa2380cd70e6de6e9800d496bfe6227efecf5b6912765f5a33a0ef6c0a7c73f6e2f9b4
SSDEEP: 6144:cLU496hd7Y8wA+lXp58Z0WGigavwVfDd:cLUaC5YhzL5R+q
Static task: static1
Behavioral task: behavioral1
Sample: 1f63d7b1fc905bcef2d468fd52e37515d568fbd0d9656c62cd9eda173f21f4e4.exe
Resource: win10-20220901-en
Malware Config
Extracted family: redline
Botnet: new
C2: 194.87.71.159:19532
auth_value: 0889ae494d48e4325078e3f599f31af1
Targets
- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.