General
- Target: fb08319c14a5f5d71c3a080b982e5ddc015affc0c2a785a08e932a6eb75f5c06
- Size: 819KB
- Sample: 230216-eegx5sfc6t
- MD5: 8b879e3bd60681d5c63356bb05c7afe3
- SHA1: acc8ca556bc1577db4fd3ad1d0e98b085a4d79e3
- SHA256: fb08319c14a5f5d71c3a080b982e5ddc015affc0c2a785a08e932a6eb75f5c06
- SHA512: 74b9270baec1db5ee67b4f2fba0e7f78dc1cd7f96ca372ccda7f3ecf3dac2408a5d6c32e8979324c0c943d71184281c4bd45f5a3ccc9bedee7c3a360087c201d
- SSDEEP: 24576:+ygniA8tq+VzCTV5cfhuj5U+EuKbfbFzpjB:Ngn3Y1ChGfha5URDpp
Static task: static1
Behavioral task: behavioral1
- Sample: fb08319c14a5f5d71c3a080b982e5ddc015affc0c2a785a08e932a6eb75f5c06.exe
- Resource: win10-20220812-en
Malware Config
Extracted
- redline
- dubka
- 193.233.20.13:4136
- auth_value: e5a9421183a033f283b2f23139b471f0
Extracted
- redline
- ruma
- 193.233.20.13:4136
- auth_value: 647d00dfaba082a4a30f383bca5d1a2a
Targets
- Target: fb08319c14a5f5d71c3a080b982e5ddc015affc0c2a785a08e932a6eb75f5c06 (size and hashes as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.