Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
file.exe
-
Size
1.1MB
-
Sample
221001-vnjq4ahcel
-
MD5
fe83e979df7ebf1ce0eb2e8309154ebc
-
SHA1
5c3528d56036033a77880d06e30734351e8dc328
-
SHA256
6a6ed1777e8edb9ccd43c48335dfabfaf1daeb8c2de0c28ca69b79ab050d39fe
-
SHA512
8fd49690802c7d8a269b1158b55db7aa561c320a689a31e307f0ef20a73b66cf012f2fcbaaf5788e607d6feed97ee1a201b0771d88aa5a657f1ce01ad7eba2bf
-
SSDEEP
24576:sttbQsmZvjUrRjJnY5ucoo3LkNt3Q0NXt25:stqDqJwu83ANFdXk
Malware Config
Targets
-
-
Target
file.exe
-
Size
1.1MB
-
MD5
fe83e979df7ebf1ce0eb2e8309154ebc
-
SHA1
5c3528d56036033a77880d06e30734351e8dc328
-
SHA256
6a6ed1777e8edb9ccd43c48335dfabfaf1daeb8c2de0c28ca69b79ab050d39fe
-
SHA512
8fd49690802c7d8a269b1158b55db7aa561c320a689a31e307f0ef20a73b66cf012f2fcbaaf5788e607d6feed97ee1a201b0771d88aa5a657f1ce01ad7eba2bf
-
SSDEEP
24576:sttbQsmZvjUrRjJnY5ucoo3LkNt3Q0NXt25:stqDqJwu83ANFdXk
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-