General
- Target: b4bebb39dab2032d46fdd730cad1d6a144e4423d77545dccf4e2a2d15bee8335
- Size: 771KB
- Sample: 230213-ttavpsdh2t
- MD5: b0722d2332adef5469aa3d86082900ef
- SHA1: 3e151bdaa742b724fbb4613aaafe50e3d4722a68
- SHA256: b4bebb39dab2032d46fdd730cad1d6a144e4423d77545dccf4e2a2d15bee8335
- SHA512: 42c80b9cbc557746af62de106fa48947c6768ac1ca582f857e841139be3512f5cc3c3849b2df92b274a6ccb4d9874ac025d00e55a57047837038d65362e3aeb0
- SSDEEP: 12288:rMr1y90KftCqg2A9yQZ4ZTumbaYjdsn6pGepZJ5q+2Lhe3v9X+pSDTSt:my7tCqgt4QZWh32njAw+21au2St
Static task: static1
Behavioral task: behavioral1
- Sample: b4bebb39dab2032d46fdd730cad1d6a144e4423d77545dccf4e2a2d15bee8335.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted: redline
- cr2
- 176.113.115.17:4132
- auth_value: 4bf573d6f5ab16f3b5e36da6855dc128
Extracted: redline
- dunm
- 193.233.20.12:4132
- auth_value: 352959e3707029296ec94306d74e2334
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext