Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
002776c37d85fcca57dfea495f529bceb725f280e2fefdaad8cf98601f9ab8a2
-
Size
1.3MB
-
Sample
230301-wj28bahd63
-
MD5
62cab663d218c152d00ef98f1b4a4cf7
-
SHA1
435a083ebfed6445e8ee1d487fad1a1ffdd3c9a1
-
SHA256
002776c37d85fcca57dfea495f529bceb725f280e2fefdaad8cf98601f9ab8a2
-
SHA512
963f73b7bdca3ac9edad11554e19a0bd89eefcea9ebc6c794506c2efa7443dc07249279639bd979cabdc5d06ac58fbd204e33095d2c16c87a2c1d78e0114f88f
-
SSDEEP
24576:4yvwJJmioZPBAU7mUyv9pDk6Bz3TpSy3oc0aMm7shAXzeHMrbV761:/wJ4MWmUyFpDkez3Tp935Mm7s+jeHMHp
Static task
static1
Behavioral task
behavioral1
Sample
002776c37d85fcca57dfea495f529bceb725f280e2fefdaad8cf98601f9ab8a2.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
redline
rouch
193.56.146.11:4162
-
auth_value
1b1735bcfc122c708eae27ca352568de
Targets
-
-
Target
002776c37d85fcca57dfea495f529bceb725f280e2fefdaad8cf98601f9ab8a2
-
Size
1.3MB
-
MD5
62cab663d218c152d00ef98f1b4a4cf7
-
SHA1
435a083ebfed6445e8ee1d487fad1a1ffdd3c9a1
-
SHA256
002776c37d85fcca57dfea495f529bceb725f280e2fefdaad8cf98601f9ab8a2
-
SHA512
963f73b7bdca3ac9edad11554e19a0bd89eefcea9ebc6c794506c2efa7443dc07249279639bd979cabdc5d06ac58fbd204e33095d2c16c87a2c1d78e0114f88f
-
SSDEEP
24576:4yvwJJmioZPBAU7mUyv9pDk6Bz3TpSy3oc0aMm7shAXzeHMrbV761:/wJ4MWmUyFpDkez3Tp935Mm7s+jeHMHp
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-