Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
89458108aa7bf24a3610b1038af4dbd3.exe
-
Size
514KB
-
Sample
230203-p6c4dafd56
-
MD5
89458108aa7bf24a3610b1038af4dbd3
-
SHA1
96986ce94f2a2adc2d6d200bb19cf60a6a41dd0d
-
SHA256
4c71088d4df1a7c43f0d563634305a8ddce0ebaebaf2df7bcb4d972c55d91267
-
SHA512
833d20cf1b861a46b42b4414ae3942d1007129140ce41a7c3812a6f2fe4027e98b882e052f302405e451bacba9d5ef79ab9b920a31e8366b5114b71947b14afe
-
SSDEEP
12288:SH8ugFatNmS4mEhDxRQEpuBO+XDKi3he8KXf/g3GwF:ScRmp4mEx7SX0Q3Gw
Static task
static1
Behavioral task
behavioral1
Sample
89458108aa7bf24a3610b1038af4dbd3.exe
Resource
win7-20220812-en
Malware Config
Extracted
redline
redko
62.204.41.170:4179
-
auth_value
9bcf7b0620ff067017d66b9a5d80b547
Extracted
amadey
3.66
193.233.20.2/Bn89hku/index.php
Extracted
redline
mixo
176.113.115.16:4122
-
auth_value
f8c6749529d254a59e80682dd4ba63f6
Targets
-
-
Target
89458108aa7bf24a3610b1038af4dbd3.exe
-
Size
514KB
-
MD5
89458108aa7bf24a3610b1038af4dbd3
-
SHA1
96986ce94f2a2adc2d6d200bb19cf60a6a41dd0d
-
SHA256
4c71088d4df1a7c43f0d563634305a8ddce0ebaebaf2df7bcb4d972c55d91267
-
SHA512
833d20cf1b861a46b42b4414ae3942d1007129140ce41a7c3812a6f2fe4027e98b882e052f302405e451bacba9d5ef79ab9b920a31e8366b5114b71947b14afe
-
SSDEEP
12288:SH8ugFatNmS4mEhDxRQEpuBO+XDKi3he8KXf/g3GwF:ScRmp4mEx7SX0Q3Gw
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-