General
- Target: 5dedf59b9990a24937f8141bed72f5723a710e4f2e8107c13e664321e81fe7ae
- Size: 535KB
- Sample: 230301-vmfytahb88
- MD5: a7ea9d2012cfa9c142248b1fd2f84685
- SHA1: 47bef3ad663ec38aa73d57674b929ce78d11bd78
- SHA256: 5dedf59b9990a24937f8141bed72f5723a710e4f2e8107c13e664321e81fe7ae
- SHA512: a481015cf1807af4e331be930136b3f2f90ac224afc7e5c8b2b722717714f677ecc262e759ebe777b8cb1193c8546282e6ca6cd1c9cc37df5e09cd75ce4a7148
- SSDEEP: 12288:hMrpy90qE0mgIVf3T61Zr5WQGGYU3Mn6FXMGOJuGMRNagl+DJ:MyzyVqWQAUcaXZXLMDJ
Static task: static1
Behavioral task: behavioral1
- Sample: 5dedf59b9990a24937f8141bed72f5723a710e4f2e8107c13e664321e81fe7ae.exe
- Resource: win10v2004-20230221-en
Malware Config
Extracted: redline
- Botnet: rumfa
- C2: 193.233.20.24:4123
- auth_value: 749d02a6b4ef1fa2ad908e44ec2296dc
Extracted: redline
- Botnet: forma
- C2: 193.233.20.24:4123
- auth_value: 50b8e065d7cb1e9e30786f7a370368f9
Both extracted configs point at the same C2 endpoint, 193.233.20.24:4123, and differ only in botnet tag and auth_value, the per-build token the bot presents when it checks in. The shared endpoint is the indicator to pivot on; the auth_values only distinguish the two builds on the operator's side.
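As an added example (not part of the tria.ge report), the script below turns the two RedLine configs extracted above into detection artifacts: it validates each config, collapses the two builds onto their one shared C2 endpoint, emits a Suricata rule per endpoint, and runs the endpoint list over Zeek conn.log lines. The config values are the ones shown on this page; the rule SIDs, the conn.log lines and the helper names (`c2_endpoints`, `suricata_rules`, `match_connections`) are assumptions made for this example.

```python
"""Added example, not from the tria.ge report: RedLine config -> IOCs/detections.
Config values are the page's; log lines, SIDs and helper names are assumed."""

from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class RedLineConfig:
    botnet: str        # botnet/campaign tag as extracted by the sandbox
    c2_host: str
    c2_port: int
    auth_value: str    # 32-hex-char token the bot presents to the C2


# The two configs the sandbox extracted from this sample (values from the page).
EXTRACTED = (
    RedLineConfig("rumfa", "193.233.20.24", 4123, "749d02a6b4ef1fa2ad908e44ec2296dc"),
    RedLineConfig("forma", "193.233.20.24", 4123, "50b8e065d7cb1e9e30786f7a370368f9"),
)


def validate(cfg):
    """Sanity-check an extracted config before turning it into indicators."""
    ipaddress.ip_address(cfg.c2_host)            # raises on hostnames / garbage
    if not 0 < cfg.c2_port < 65536:
        raise ValueError(f"bad port {cfg.c2_port}")
    if len(cfg.auth_value) != 32 or set(cfg.auth_value) - set("0123456789abcdef"):
        raise ValueError(f"auth_value is not 32 lowercase hex chars: {cfg.auth_value}")
    return cfg


def c2_endpoints(configs):
    """Unique (host, port) C2 pairs; both builds on this page share one endpoint."""
    return sorted({(c.c2_host, c.c2_port) for c in map(validate, configs)})


def suricata_rules(configs, base_sid=9000001):
    """One outbound-connection rule per unique C2 endpoint (SIDs are local/assumed)."""
    rules = []
    for i, (host, port) in enumerate(c2_endpoints(configs)):
        tags = ",".join(sorted(c.botnet for c in configs
                               if (c.c2_host, c.c2_port) == (host, port)))
        rules.append(
            f'alert tcp $HOME_NET any -> {host} {port} '
            f'(msg:"RedLine Stealer C2 connection ({tags})"; flow:to_server,established; '
            f'classtype:trojan-activity; sid:{base_sid + i}; rev:1;)'
        )
    return rules


# Constructed Zeek conn.log excerpt, tab-separated:
# ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto
SAMPLE_CONN_LOG = """\
1677666000.10\tCxa1\t10.0.0.15\t49812\t193.233.20.24\t4123\ttcp
1677666001.20\tCxa2\t10.0.0.15\t49813\t142.250.74.46\t443\ttcp
1677666002.30\tCxa3\t10.0.0.22\t51000\t193.233.20.24\t4123\ttcp
1677666003.40\tCxa4\t10.0.0.22\t51001\t193.233.20.24\t80\ttcp
"""


def match_connections(conn_log, configs):
    """Return (uid, src, dst:port) for every TCP flow that hits a known C2 endpoint.
    Port matters: the same IP on port 80 (Cxa4) is deliberately not a hit."""
    endpoints = set(c2_endpoints(configs))
    hits = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue
        ts, uid, orig_h, orig_p, resp_h, resp_p, proto = line.split("\t")
        if proto == "tcp" and (resp_h, int(resp_p)) in endpoints:
            hits.append((uid, orig_h, f"{resp_h}:{resp_p}"))
    return hits


if __name__ == "__main__":
    for rule in suricata_rules(EXTRACTED):
        print(rule)
    for hit in match_connections(SAMPLE_CONN_LOG, EXTRACTED):
        print("C2 hit:", hit)
```

The rule matches only on endpoint, which is all the extracted config gives you; the auth_value never appears in network metadata at this layer, so it is useful for clustering builds in a report, not for a wire signature.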
Targets
- Target: 5dedf59b9990a24937f8141bed72f5723a710e4f2e8107c13e664321e81fe7ae (535KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
  - RedLine
    RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  - RedLine payload
  - Executes dropped EXE
  - Accesses cryptocurrency files/wallets, possible credential harvesting
  - Adds Run key to start application
  - Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.
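As an added example (not part of the tria.ge report), the detection below covers the "Adds Run key to start application" signature above on a real host: it scans Sysmon Event ID 13 (RegistryEvent, value set) records for writes under Run/RunOnce and ranks each hit by whether the registered command points into a user-writable directory, the usual dropper tell. The events are constructed for this example in the flat JSON shape a log shipper emits; the field names follow Sysmon's EventData, while the `SuspiciousAutorun` type and the user-writable-path heuristic are assumptions of this example.

```python
"""Added example, not from the tria.ge report: Run-key persistence detection
over constructed Sysmon Event 13 records. Field names follow Sysmon EventData;
events, severity heuristic and type names are assumed for this example."""

import json
import re
from dataclasses import dataclass

# Autorun value paths under HKCU/HKLM (Sysmon writes HKCU as HKU\<SID>\...).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\([^\\]+)$",
    re.IGNORECASE,
)
# A command living in a user-writable location is the classic dropper tell (assumed heuristic).
USER_WRITABLE_RE = re.compile(
    r"\\Users\\[^\\]+\\(AppData|Downloads|Desktop|Documents)\\|\\ProgramData\\|\\Temp\\",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class SuspiciousAutorun:
    value_name: str     # name of the Run/RunOnce value that was set
    command: str        # what will be launched at logon
    writer_image: str   # process that wrote the value
    severity: str       # "high" if command is in a user-writable path, else "medium"


# Constructed Sysmon events (not captured from this sample).
SAMPLE_EVENTS = json.dumps([
    {   # the kind of entry a dropper leaves behind
        "EventID": 13, "EventType": "SetValue",
        "Image": r"C:\Users\victim\AppData\Local\Temp\updater.exe",
        "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\updater",
        "Details": r"C:\Users\victim\AppData\Local\Temp\updater.exe",
    },
    {   # legitimate installer writing a machine-wide autorun
        "EventID": 13, "EventType": "SetValue",
        "Image": r"C:\Program Files\Vendor\setup.exe",
        "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
        "Details": r"C:\Program Files\Vendor\tray.exe",
    },
    {   # a registry write that is not an autorun location
        "EventID": 13, "EventType": "SetValue",
        "Image": r"C:\Windows\explorer.exe",
        "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
        "Details": "DWORD (0x00000001)",
    },
    {   # key created (Event 12), no value: nothing to launch yet, so not reported
        "EventID": 12, "EventType": "CreateKey",
        "Image": r"C:\Users\victim\AppData\Local\Temp\updater.exe",
        "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run",
    },
])


def find_run_key_persistence(events_json):
    """Return every Run/RunOnce value written, ranked by where its command points."""
    findings = []
    for ev in json.loads(events_json):
        if ev.get("EventID") != 13 or ev.get("EventType") != "SetValue":
            continue
        m = RUN_KEY_RE.search(ev.get("TargetObject", ""))
        if not m:
            continue
        command = ev.get("Details", "")
        severity = "high" if USER_WRITABLE_RE.search(command) else "medium"
        findings.append(SuspiciousAutorun(m.group(2), command, ev.get("Image", ""), severity))
    return findings


if __name__ == "__main__":
    for f in find_run_key_persistence(SAMPLE_EVENTS):
        print(f.severity, f.value_name, "->", f.command, "written by", f.writer_image)
```

Note the limit of this approach for the other registry signature above: Sysmon records registry writes (Events 12, 13, 14), not reads, so the Uninstall-key enumeration behind "Checks installed software" does not surface in these events at all; that behaviour is only visible in an API trace such as the sandbox's, or with a registry-access audit policy on the host.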