General
- Target: 42446d3f1f28d14d2494a98807c9c2137823f8426e2a5d0d88bc878eeb411c54
- Size: 758KB
- Sample: 230213-f279aaba97
- MD5: b4c8b97b7a9590541c364f63db9fcda4
- SHA1: 00e6d2dc2aa2aa04a1c88801c06821708cb03723
- SHA256: 42446d3f1f28d14d2494a98807c9c2137823f8426e2a5d0d88bc878eeb411c54
- SHA512: b914a298b9e529cf776c34655ba9d2fbed19ee58ae6a2dd03a3b85049ce19adc097f05ce77290523f5a2309d3bb8a6222e00cf1f55b4236f68cb0fbe98b0e495
- SSDEEP: 12288:/Mrgy90DT2QynJoTvJrY2ZSChFBsVKsKKI6F5r+t3H9c+R39srPREMHiqbb8VimB:7y9nJo9Yq5BsV7rG3HF59CdHheiQ
Static task: static1
Behavioral task: behavioral1
- Sample: 42446d3f1f28d14d2494a98807c9c2137823f8426e2a5d0d88bc878eeb411c54.exe
- Resource: win10v2004-20220812-en
Malware Config
- Extracted: redline
  - cr2
  - 176.113.115.17:4132
  - auth_value: 4bf573d6f5ab16f3b5e36da6855dc128
- Extracted: redline
  - dunm
  - 193.233.20.12:4132
  - auth_value: 352959e3707029296ec94306d74e2334
Targets
- Target: 42446d3f1f28d14d2494a98807c9c2137823f8426e2a5d0d88bc878eeb411c54
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext