General
Target: 68427aef7373e30b9099ab53dfbbe3e2e6972b617a0d253f301ffdcd8a73e759
Size: 3.4MB
Sample: 220921-mnpy4sgbc6
MD5: 99e8524684e7dd23aee250e89373ad61
SHA1: 7ee72012f80ed456c2205cb7a19386936f77f776
SHA256: 68427aef7373e30b9099ab53dfbbe3e2e6972b617a0d253f301ffdcd8a73e759
SHA512: c21738a00f79c505abf254ff3aa639b432b203decedbf5c4596f6e6282cbe3c90d0d2cd33295bced4e999c471b0f2b42ef7484af0fc026df7be434abfc003c8f
SSDEEP: 49152:4hnmfoP0PBHeRwUTCbrnyZQI4Wx99s/ijLo:4hnmfoP0PBHeRwUCbryZQI4Wx99s/i
Static task: static1

Malware Config
Extracted
Family: redline
Botnet: sep16as1
C2: 185.215.113.122:15386
auth_value: 01795623e4e3747594c759aa084bc4a0
Targets
Target: 68427aef7373e30b9099ab53dfbbe3e2e6972b617a0d253f301ffdcd8a73e759
Size: 3.4MB
MD5: 99e8524684e7dd23aee250e89373ad61
SHA1: 7ee72012f80ed456c2205cb7a19386936f77f776
SHA256: 68427aef7373e30b9099ab53dfbbe3e2e6972b617a0d253f301ffdcd8a73e759
SHA512: c21738a00f79c505abf254ff3aa639b432b203decedbf5c4596f6e6282cbe3c90d0d2cd33295bced4e999c471b0f2b42ef7484af0fc026df7be434abfc003c8f
SSDEEP: 49152:4hnmfoP0PBHeRwUTCbrnyZQI4Wx99s/ijLo:4hnmfoP0PBHeRwUCbryZQI4Wx99s/i

Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of SetThreadContext