Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
f9a74c4f0566f6f2095cb8224c2e76adcbae051a1d0b649e0af3eccb1d468787
-
Size
838KB
-
Sample
230210-vqhltabf71
-
MD5
8d6b247e8d3fb7f100eb8695b4acaf77
-
SHA1
03844f5ca6a7f9203825724ac4e32ccb369b31b3
-
SHA256
f9a74c4f0566f6f2095cb8224c2e76adcbae051a1d0b649e0af3eccb1d468787
-
SHA512
ea374fb0007f0021b455d7c80bcf74fb77250fe330164932ee33a6c2430c255ee8ff5ee1a6f89679c22e0347873f8714a044101ff3402c8f6230f9f748e82db9
-
SSDEEP
12288:YMrPy90m6K8CXPSdLcidfTYCO+rOnbtRwTHakPutNp16eYLU3HSEdAgCC:3yJ6PCGc2f7O+YpRM6quPrHwcRCC
Static task
static1
Behavioral task
behavioral1
Sample
f9a74c4f0566f6f2095cb8224c2e76adcbae051a1d0b649e0af3eccb1d468787.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
crypt1
176.113.115.17:4132
-
auth_value
2e2ca7bbceaa9f98252a6f9fc0e6fa86
Targets
-
-
Target
f9a74c4f0566f6f2095cb8224c2e76adcbae051a1d0b649e0af3eccb1d468787
-
Size
838KB
-
MD5
8d6b247e8d3fb7f100eb8695b4acaf77
-
SHA1
03844f5ca6a7f9203825724ac4e32ccb369b31b3
-
SHA256
f9a74c4f0566f6f2095cb8224c2e76adcbae051a1d0b649e0af3eccb1d468787
-
SHA512
ea374fb0007f0021b455d7c80bcf74fb77250fe330164932ee33a6c2430c255ee8ff5ee1a6f89679c22e0347873f8714a044101ff3402c8f6230f9f748e82db9
-
SSDEEP
12288:YMrPy90m6K8CXPSdLcidfTYCO+rOnbtRwTHakPutNp16eYLU3HSEdAgCC:3yJ6PCGc2f7O+YpRM6quPrHwcRCC
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-