General
- Target: 70555a1345e99d1ea7c0507161448169ee38f7f48e87e114befea449a616b0bb
- Size: 763KB
- Sample: 230213-wfe9daec8y
- MD5: a9873ea604e50ef59160e4f8978bab2d
- SHA1: b2793e87c38ab70390a05b9f4b1389b6ff894ffa
- SHA256: 70555a1345e99d1ea7c0507161448169ee38f7f48e87e114befea449a616b0bb
- SHA512: 5cae394c8e6cf50b18371a8202e0f9e8559e1342e03b9bf59ef6096cf7559e767f25c515ee768625be1d39f28c4543582221ff603629f98debd4c9fea921364c
- SSDEEP: 12288:1Mr5y90RiRxcvOVkbifdDGF9hF4pAo/lVlHbFkmUScmIHzVclCNv2op/hb:wy1P4oG3hCPdxD++lQvdr
Static task: static1
Behavioral task: behavioral1
- Sample: 70555a1345e99d1ea7c0507161448169ee38f7f48e87e114befea449a616b0bb.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted
- redline
- cr2
- 176.113.115.17:4132
- auth_value: 4bf573d6f5ab16f3b5e36da6855dc128
Extracted
- redline
- dunm
- 193.233.20.12:4132
- auth_value: 352959e3707029296ec94306d74e2334
Targets
- Target: 70555a1345e99d1ea7c0507161448169ee38f7f48e87e114befea449a616b0bb
- Size: 763KB
- MD5: a9873ea604e50ef59160e4f8978bab2d
- SHA1: b2793e87c38ab70390a05b9f4b1389b6ff894ffa
- SHA256: 70555a1345e99d1ea7c0507161448169ee38f7f48e87e114befea449a616b0bb
- SHA512: 5cae394c8e6cf50b18371a8202e0f9e8559e1342e03b9bf59ef6096cf7559e767f25c515ee768625be1d39f28c4543582221ff603629f98debd4c9fea921364c
- SSDEEP: 12288:1Mr5y90RiRxcvOVkbifdDGF9hF4pAo/lVlHbFkmUScmIHzVclCNv2op/hb:wy1P4oG3hCPdxD++lQvdr
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext