General
Target: 92fbd52b8ff0bb08f29ca970c6cd0e51488c8bc956e86a40fbf6a9a173ecaa76
Size: 724KB
Sample: 230211-zbs68ahg43
MD5: deb0f3b739c1833a249a5d2f6f85d787
SHA1: 0b7fe66a2d4ccd0ff6762a771a5e1959715a6674
SHA256: 92fbd52b8ff0bb08f29ca970c6cd0e51488c8bc956e86a40fbf6a9a173ecaa76
SHA512: 3225b1d791805b718739573aec80486a6627fe50822e62b1232b8343bbb5f43ccf3989563afb60258498527a57a169048634dd740ee0200d42cbc3561f2160db
SSDEEP: 12288:kMrMy90scq0F2XbX2O1GN2yNvX88vdRIPIObrKCA5EIhAC5HiHn:Yyyq0F2XbGOGN2yp88vdRIwBtOIhg
Static task: static1
Behavioral task: behavioral1
Sample: 92fbd52b8ff0bb08f29ca970c6cd0e51488c8bc956e86a40fbf6a9a173ecaa76.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted family: redline
Botnet: fusa
C2: 193.233.20.12:4132
auth_value: a08b2f01bd2af756e38c5dd60e87e697
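The extracted config above is enough for a network IOC: the C2 socket 193.233.20.12:4132 and the botnet tag fusa. The Python below is an added example, not part of the tria.ge report, that turns that config into a Suricata rule and runs the same socket as a match over Zeek-style conn.log lines. The log lines are constructed, the rule's sid/rev are placeholders, and connections to the C2 host on a different port are reported under a separate verdict so they are reviewed rather than silently dropped; auth_value is a config attribute, not a connection-log field, so it plays no part in this match.

```python
# Added example (not part of the tria.ge report): use the extracted C2 socket
# as a network IOC. The conn.log lines are constructed; sid/rev are placeholders.
from collections import defaultdict

# Taken from the Malware Config section of this report
C2_HOST = "193.233.20.12"
C2_PORT = 4132
BOTNET = "fusa"

# Constructed Zeek-style conn.log (tab separated):
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
CONN_LOG = """\
1676060000.1\tCa1\t10.0.0.5\t49811\t193.233.20.12\t4132\ttcp
1676060001.2\tCa2\t10.0.0.5\t49812\t203.0.113.10\t443\ttcp
1676060002.3\tCa3\t10.0.0.7\t49813\t193.233.20.12\t80\ttcp
1676060003.4\tCa4\t10.0.0.9\t49814\t193.233.20.12\t4132\ttcp
1676060004.5\tCa5\t10.0.0.5\t49815\t193.233.20.12\t4132\ttcp
"""


def classify(resp_h, resp_p):
    """Verdict for one destination: the exact C2 socket, the C2 host on some
    other port (kept separate because operators rotate ports), or None."""
    if resp_h != C2_HOST:
        return None
    return "c2_match" if resp_p == C2_PORT else "c2_host_other_port"


def scan_conn_log(text):
    """Group matching connections as {src_ip: {verdict: [uid, ...]}}.
    Lines with too few columns or a non-numeric port are skipped so one
    malformed record does not abort a bulk run."""
    hits = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        _ts, uid, orig_h, _orig_p, resp_h, resp_p, _proto = fields[:7]
        try:
            verdict = classify(resp_h, int(resp_p))
        except ValueError:
            continue
        if verdict:
            hits[orig_h][verdict].append(uid)
    return {src: dict(v) for src, v in hits.items()}


def suricata_rule(sid=9000001, rev=1):
    """IP/port rule for the C2 socket; sid/rev are placeholders to be
    assigned from the local rule range."""
    return (f"alert tcp $HOME_NET any -> {C2_HOST} {C2_PORT} "
            f'(msg:"RedLine C2 outbound (botnet {BOTNET})"; flow:to_server; '
            f"classtype:trojan-activity; sid:{sid}; rev:{rev};)")


if __name__ == "__main__":
    for src, verdicts in scan_conn_log(CONN_LOG).items():
        for verdict, uids in verdicts.items():
            print(f"{src}: {verdict} x{len(uids)} ({', '.join(uids)})")
    print(suricata_rule())
```

Run it with python3 to print the per-host hits and the rule; real conn.log exports work unchanged as long as the first seven columns keep the same order. Hosts that talk to the C2 address on a port other than 4132 (10.0.0.7 in the constructed data) are worth a look before being dismissed, since a config extracted from one build does not bind the operator to one port.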
Targets
Target: 92fbd52b8ff0bb08f29ca970c6cd0e51488c8bc956e86a40fbf6a9a173ecaa76 (724KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
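The last two signatures describe registry activity: a Run value for persistence and Uninstall-key reads for software enumeration. For the persistence side, the Python below is an added example (not the report's or the sample's code) that reviews a Run key exported with reg export to a .reg file, flagging values whose image lives in a user-writable directory or reuses a Windows system binary name outside %WINDIR%. The export it parses is constructed; the report does not state the value name or path this sample writes, so those are placeholders.

```python
# Added example (not from the tria.ge report or the sample): triage Run-key
# persistence from an offline "reg export" file. The export is constructed.
import re
from pathlib import PureWindowsPath

# Directories an unprivileged user can write to; a Run image here is not
# proof of malice (per-user installers live in AppData) but warrants review.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\",
                 "\\users\\public\\", "\\downloads\\")
# Names that only belong under %WINDIR%; anywhere else they are masquerading.
SYSTEM_BINARY_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe",
                       "winlogon.exe", "dllhost.exe", "smss.exe"}
# One .reg value line: "name"=data (the name may contain escaped quotes)
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

# Constructed export (reg.exe writes UTF-16 with a BOM; shown here decoded).
# Value names and paths are placeholders, not the sample's real ones.
RUN_KEY_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\victim\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\victim\\AppData\\Roaming\\svchost.exe"
"Java Update"="\"C:\\Users\\victim\\AppData\\Local\\Temp\\update.exe\" -silent"
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"
'''


def unescape(s):
    """Undo .reg escaping: a doubled backslash becomes one, an escaped
    double quote becomes a plain double quote."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg_export(text):
    """Return (key, value_name, data, kind) tuples. String data is unescaped;
    hex(...)/dword values are kept raw with kind 'other'."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name, raw = unescape(m.group(1)), m.group(2)
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            entries.append((key, name, unescape(raw[1:-1]), "REG_SZ"))
        else:
            entries.append((key, name, raw, "other"))
    return entries


def image_path(command):
    """Executable part of a Run command. A quoted path is taken exactly; an
    unquoted one is cut at the first space, so an unquoted path that itself
    contains spaces comes back truncated and deserves a look of its own."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def assess(entries):
    """Map value name -> list of reasons; an empty list means nothing flagged."""
    findings = {}
    for _key, name, data, kind in entries:
        reasons = []
        if kind != "REG_SZ":
            reasons.append("non-string data in a Run value: " + data)
        else:
            path = image_path(data)
            low = path.lower()
            if any(d in low for d in USER_WRITABLE):
                reasons.append("image in user-writable directory: " + path)
            base = PureWindowsPath(path).name.lower()
            if base in SYSTEM_BINARY_NAMES and "\\windows\\" not in low:
                reasons.append("system binary name outside %WINDIR%: " + base)
        findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in assess(parse_reg_export(RUN_KEY_EXPORT)).items():
        print(f"{name:16} {'OK' if not reasons else ''}")
        for r in reasons:
            print("    " + r)
```

Real exports from reg.exe are UTF-16 with a BOM, so read them with open(path, encoding="utf-16") before handing the text to parse_reg_export; the same parser works for the HKLM Run and RunOnce keys. Expect legitimate per-user installers (OneDrive in the constructed export) to trip the user-writable rule: treat the output as a review queue, and allow-list known-good images by file hash rather than by name, since a name under AppData is exactly what a dropped EXE would copy.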