General
Target: ed9b8ef1b181533f5aeee18bc86039cd4f80840bbac9b15eab46bbb5f205abcc
Size: 556KB
Sample: 230217-bxnxmadb62
MD5: 5aee9e6fb9180410587816989714f8cd
SHA1: d651ee613657f05684240f3d46d7300e405c622a
SHA256: ed9b8ef1b181533f5aeee18bc86039cd4f80840bbac9b15eab46bbb5f205abcc
SHA512: a80ddcd82b2b2a04d059054f539726ff18d6307c138b0c546a860e7c5956c778bfdd20f82709f61235542cd1bf8138ac6837c20ba61f9b20f08bcc6826f228ad
SSDEEP: 12288:aMrZy903bm+R0st974iU0Quzzqi4WohFIE4tBRXUuN:LyYi2ft9VUozzoWozIEKBRpN
Static task: static1
Behavioral task: behavioral1
Sample: ed9b8ef1b181533f5aeee18bc86039cd4f80840bbac9b15eab46bbb5f205abcc.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted: redline
dubka
193.233.20.13:4136
auth_value: e5a9421183a033f283b2f23139b471f0
Targets
Target: ed9b8ef1b181533f5aeee18bc86039cd4f80840bbac9b15eab46bbb5f205abcc
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.