General
Target: 18c79cb75b6c6ff5decbac074fbf185cd7bd3d447eff2a8b98d497bb9d20956b
Size: 536KB
Sample: 230301-r3s2jagb6s
MD5: 590cb7e81d36ef373ab1deaf45d60a23
SHA1: a30184f197b4c81ebadd535d2c944ae72877ca03
SHA256: 18c79cb75b6c6ff5decbac074fbf185cd7bd3d447eff2a8b98d497bb9d20956b
SHA512: 75d0628fbfd14cca95ee81cc428c57aa8348576b3f158aa542ce73c5fd973baea0d5bcf336ba713ac12796e56233be9f96a0a74cab01441aaf1d1cc4fa182060
SSDEEP: 12288:CMrPy90FKd7qVTjI0V1G32dmYiCLSxiqkQB:pym5V40VY32dziCFbQB
Static task: static1
Behavioral task: behavioral1
Sample: 18c79cb75b6c6ff5decbac074fbf185cd7bd3d447eff2a8b98d497bb9d20956b.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: rumfa
C2: 193.233.20.24:4123
auth_value: 749d02a6b4ef1fa2ad908e44ec2296dc
Extracted
Family: redline
Botnet: forma
C2: 193.233.20.24:4123
auth_value: 50b8e065d7cb1e9e30786f7a370368f9
Targets
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.