General
- Target: 0b248d8cc9122111b96ed71172ef287726900529da9cdc8da9968a2d40f1191e.exe
- Size: 5.8MB
- Sample: 221017-q93zmscac7
- MD5: 3e1a211e78c3fb60c8f7b52663fa741e
- SHA1: 068fb47cf931e4788010d55a32ed9b74d3777df7
- SHA256: 0b248d8cc9122111b96ed71172ef287726900529da9cdc8da9968a2d40f1191e
- SHA512: b15702739ae6fd6108fa6d4967f7613ccbc171056a3dd81de21681f480e92be475586fd2a083c12b26648a29db2377f23dd36e2889d172c9e82df959fc5ba409
- SSDEEP: 98304:eT8TT3cExPT2uW5MI079g+DomNbpN3yjwQOF/lvlXAWCwFb8M7kwhi6zlUk5SoYp:eTM3PoL2V76+DjnNgwQ+dtLZ7kwg6JUX
Behavioral task
- behavioral1
  - Sample: 0b248d8cc9122111b96ed71172ef287726900529da9cdc8da9968a2d40f1191e.exe
  - Resource: win7-20220812-en
Malware Config
Extracted
- Family: redline
- Botnet: +new10
- C2: 95.217.81.67:15781
- auth_value: 71466e289c1fa2064de510a850454a2a
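The extracted C2 endpoint and the sample hashes are the indicators an analyst takes away from this report. The following is an added example, not part of the tria.ge report or of RedLine itself: it turns those indicators into a small matcher and runs it over constructed log lines. The key=value log format, host names and every log line are made up for the example; only the indicators are the report's own.

```python
"""Match the indicators from the report above (RedLine C2 endpoint and sample
hashes) against constructed log lines. Added example; the log lines, hosts and
log format are constructed, the indicators come from the report."""
import re

# Indicators copied from the report.
C2_HOST, C2_PORT = "95.217.81.67", 15781
SAMPLE_HASHES = {
    "md5": "3e1a211e78c3fb60c8f7b52663fa741e",
    "sha1": "068fb47cf931e4788010d55a32ed9b74d3777df7",
    "sha256": "0b248d8cc9122111b96ed71172ef287726900529da9cdc8da9968a2d40f1191e",
}

# Constructed sample logs (not real traffic or endpoint telemetry).
NETWORK_LOG = """\
ts=2022-10-17T12:01:03Z src=10.0.0.21 dst=95.217.81.67 dport=15781 proto=tcp bytes=1843
ts=2022-10-17T12:01:05Z src=10.0.0.21 dst=142.250.74.46 dport=443 proto=tcp bytes=9012
ts=2022-10-17T12:02:11Z src=10.0.0.33 dst=95.217.81.67 dport=443 proto=tcp bytes=300
"""
FILE_LOG = """\
ts=2022-10-17T11:59:58Z host=ws21 path=C:\\Users\\a\\Downloads\\setup.exe sha256=0B248D8CC9122111B96ED71172EF287726900529DA9CDC8DA9968A2D40F1191E
ts=2022-10-17T12:00:30Z host=ws21 path=C:\\Windows\\System32\\notepad.exe md5=f5d9b1c8b8b5c8a0bdbbc7a6a1f3e2d1
ts=2022-10-17T12:00:41Z host=ws07 path=C:\\Temp\\x.exe md5=3e1a211e78c3fb60c8f7b52663fa741e
"""

_KV = re.compile(r"(\w+)=(\S+)")


def parse_kv(line):
    """Parse one 'key=value key=value ...' log line into a dict."""
    return dict(_KV.findall(line))


def find_c2_connections(log):
    """Flag connections to the extracted C2. Host and port together give an
    'exact' hit; the host alone is reported as 'host_only', because RedLine
    operators move ports and the server IP is still worth a look."""
    hits = []
    for line in log.splitlines():
        ev = parse_kv(line)
        if ev.get("dst") != C2_HOST:
            continue
        confidence = "exact" if ev.get("dport") == str(C2_PORT) else "host_only"
        hits.append({"ts": ev["ts"], "src": ev["src"],
                     "dport": int(ev["dport"]), "confidence": confidence})
    return hits


def find_known_samples(log):
    """Match any hash field of a file event against the sample's hashes.
    Comparison is case-insensitive so upper-case EDR output still matches."""
    hits = []
    for line in log.splitlines():
        ev = parse_kv(line)
        for algo, known in SAMPLE_HASHES.items():
            if ev.get(algo, "").lower() == known:
                hits.append({"ts": ev["ts"], "host": ev["host"],
                             "path": ev["path"], "algo": algo})
    return hits


if __name__ == "__main__":
    for hit in find_c2_connections(NETWORK_LOG):
        print("C2 ", hit)
    for hit in find_known_samples(FILE_LOG):
        print("HASH", hit)
```

Running the block reports two C2 hits (one exact, one host-only on port 443) and two hash hits (the SHA256 on ws21 and the MD5 on ws07). The host-only tier is deliberate: a stealer C2 that is re-deployed on a different port still shares the IP, and a matcher that insists on the exact port from one sandbox run misses it.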
Targets
- Target: 0b248d8cc9122111b96ed71172ef287726900529da9cdc8da9968a2d40f1191e.exe
  - Size: 5.8MB
  - MD5: 3e1a211e78c3fb60c8f7b52663fa741e
  - SHA1: 068fb47cf931e4788010d55a32ed9b74d3777df7
  - SHA256: 0b248d8cc9122111b96ed71172ef287726900529da9cdc8da9968a2d40f1191e
  - SHA512: b15702739ae6fd6108fa6d4967f7613ccbc171056a3dd81de21681f480e92be475586fd2a083c12b26648a29db2377f23dd36e2889d172c9e82df959fc5ba409
  - SSDEEP: 98304:eT8TT3cExPT2uW5MI079g+DomNbpN3yjwQOF/lvlXAWCwFb8M7kwhi6zlUk5SoYp:eTM3PoL2V76+DjnNgwQ+dtLZ7kwg6JUX
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
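The last signature describes a reconnaissance step: the stealer reads the Uninstall keys that Programs and Features is built from and reports the installed software list. The following is an added example, not RedLine's code and not part of the tria.ge report. It reproduces that enumeration so an analyst can see exactly what such a list contains, and reduces the raw keys to the name/version/publisher entries a stealer would send. The winreg reader is Windows-only; the SAMPLE_ENTRIES are constructed (no real machine) so the reduction step runs anywhere.

```python
"""Enumerate installed software the way the 'Checks installed software'
signature describes: read the registry Uninstall keys and reduce them to the
entries Programs and Features shows. Added example, not RedLine's code.
SAMPLE_ENTRIES are constructed data."""
import sys

# The three Uninstall keys a 64-bit system exposes: native, 32-bit (WOW6432Node)
# and per-user installs.
UNINSTALL_KEYS = [
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("HKLM", r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("HKCU", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
]


def read_uninstall_keys():
    """Yield (hive, path, subkey, {value_name: data}) for every Uninstall
    subkey. Windows only: uses the winreg module."""
    import winreg
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    for hive, path in UNINSTALL_KEYS:
        try:
            root = winreg.OpenKey(hives[hive], path)
        except OSError:  # key absent, e.g. no WOW6432Node on a 32-bit system
            continue
        with root:
            for i in range(winreg.QueryInfoKey(root)[0]):
                name = winreg.EnumKey(root, i)
                values = {}
                with winreg.OpenKey(root, name) as sub:
                    for j in range(winreg.QueryInfoKey(sub)[1]):
                        vname, data, _ = winreg.EnumValue(sub, j)
                        values[vname] = data
                yield hive, path, name, values


def inventory(entries):
    """Reduce raw Uninstall entries to what the stealer reports. Entries with
    no DisplayName, or with SystemComponent=1, are hidden by Programs and
    Features (updates, runtimes, driver packages) and are skipped here too."""
    out = []
    for hive, path, name, values in entries:
        display = values.get("DisplayName")
        if not display or values.get("SystemComponent") == 1:
            continue
        out.append({
            "name": display,
            "version": str(values.get("DisplayVersion", "")),
            "publisher": values.get("Publisher", ""),
            "key": f"{hive}\\{path}\\{name}",
        })
    return sorted(out, key=lambda e: e["name"].lower())


# Constructed entries (not taken from any real machine) to exercise inventory():
# a hidden system component, a 32-bit app, a bare update key and a per-user app.
SAMPLE_ENTRIES = [
    ("HKLM", UNINSTALL_KEYS[0][1], "{11111111-2222-3333-4444-555555555555}",
     {"DisplayName": "Example Runtime Component", "DisplayVersion": "1.0.0",
      "Publisher": "Example Corp", "SystemComponent": 1}),
    ("HKLM", UNINSTALL_KEYS[1][1], "7-Zip",
     {"DisplayName": "7-Zip 22.01", "DisplayVersion": "22.01", "Publisher": "Igor Pavlov"}),
    ("HKLM", UNINSTALL_KEYS[0][1], "KB0000000",
     {"UninstallString": "wusa.exe /uninstall /kb:0000000"}),
    ("HKCU", UNINSTALL_KEYS[2][1], "Discord",
     {"DisplayName": "Discord", "DisplayVersion": "1.0.9006", "Publisher": "Discord Inc."}),
]


if __name__ == "__main__":
    entries = read_uninstall_keys() if sys.platform == "win32" else SAMPLE_ENTRIES
    for e in inventory(entries):
        print(f'{e["name"]:40} {e["version"]:15} {e["publisher"]}')
```

On a Windows host the block walks the real keys; elsewhere it runs over the constructed entries and yields only 7-Zip and Discord, since the runtime component carries SystemComponent=1 and the update key has no DisplayName. Two practical notes: the WOW6432Node view is what tells a stealer which 32-bit browsers and wallets are present, so it is never skipped by real samples; and because Sysmon registry events (12, 13, 14) record creates, sets and renames but not reads, this step is caught by sandbox API monitoring (as the signature above was) or by an audit SACL on the Uninstall keys, which produces Security event 4663 on access.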