General
- Target: 2e2693e2b3805e55b01dc22afed31a18b22d9d97beb9e581e1a7c05cd864f102
- Size: 528KB
- Sample: 230214-ml6tvacf77
- MD5: 38d0a603b47656510ee5a6f43f357ea7
- SHA1: 01df5ef71c6f1991eb6ff9f1fbd0f507436bc1b7
- SHA256: 2e2693e2b3805e55b01dc22afed31a18b22d9d97beb9e581e1a7c05cd864f102
- SHA512: 768d1e471b924fdead96f3b0f101eb990a39d1837810d43fb3901f2fef639875fd1ba2d1661856ade2617160e6cbfe1fda3369712f97519726016a15d1cc32d5
- SSDEEP: 12288:EMrky90pI6HDDhdizNnZKrETGXMvgD1se79lrLVOSm1eyJ6:4yoWZsEicvgnZ951
Static task
- static1
Behavioral task
- behavioral1
- Sample: 2e2693e2b3805e55b01dc22afed31a18b22d9d97beb9e581e1a7c05cd864f102.exe
- Resource: win10-20220812-en
Malware Config
Extracted
- Family: redline
- Botnet: ruma
- C2: 193.233.20.13:4136
- auth_value: 647d00dfaba082a4a30f383bca5d1a2a
Extracted
- Family: redline
- Botnet: dubka
- C2: 193.233.20.13:4136
- auth_value: e5a9421183a033f283b2f23139b471f0
Targets
- Target: 2e2693e2b3805e55b01dc22afed31a18b22d9d97beb9e581e1a7c05cd864f102
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.