Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
file.exe
-
Size
783KB
-
Sample
230210-mkyrvabc43
-
MD5
806d990edc91fe7cb95ea2e6b86e3533
-
SHA1
540b81b1a4375d9658bf3cd9d0af15ba790ec15b
-
SHA256
77bc01a4eede5bca41a64a18e338570895b9989d7fa21ae94c8998e7e1ff3fa9
-
SHA512
c2296bf0d9502d5cc17380a9822c48e9960c2a982b6e25fd58f5be9eb0bb3417e253e6ad5412b72fa0c190d11891a8613048518fc41fff988a209ef54dfbb934
-
SSDEEP
12288:QMrqy902iD5s9DZThWA3E83N8ClrHamLikFF7HMlqwDL6ztBgEtN:qy+D5s99FWAzdlr93S5cgED
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
redline
dubna
193.233.20.11:4131
-
auth_value
f324b1269094b7462e56bab025f032f4
Extracted
redline
romka
193.233.20.11:4131
-
auth_value
fcbb3247051f5290e8ac5b1a841af67b
Extracted
amadey
3.66
62.204.41.4/Gol478Ns/index.php
Targets
-
-
Target
file.exe
-
Size
783KB
-
MD5
806d990edc91fe7cb95ea2e6b86e3533
-
SHA1
540b81b1a4375d9658bf3cd9d0af15ba790ec15b
-
SHA256
77bc01a4eede5bca41a64a18e338570895b9989d7fa21ae94c8998e7e1ff3fa9
-
SHA512
c2296bf0d9502d5cc17380a9822c48e9960c2a982b6e25fd58f5be9eb0bb3417e253e6ad5412b72fa0c190d11891a8613048518fc41fff988a209ef54dfbb934
-
SSDEEP
12288:QMrqy902iD5s9DZThWA3E83N8ClrHamLikFF7HMlqwDL6ztBgEtN:qy+D5s99FWAzdlr93S5cgED
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-