General
- Target: cbecc0e3f9de795aec8153c04fb0a49aea5aafd75432308b144787bcb2e3ed26
- Size: 1.1MB
- Sample: 230302-h6pzlsbe51
- MD5: 7f6536e7456dbb3d0812893eb21efbb9
- SHA1: 1b80b471cdab31a1ce5f5e0ae23606c86b14e3bf
- SHA256: cbecc0e3f9de795aec8153c04fb0a49aea5aafd75432308b144787bcb2e3ed26
- SHA512: a18d597e4779527269a8c6e08b5da1a9db91e42e31539c244d685e8ac1d2ef72d4f21cbd21b0498dad7e544486010f08d36a666be1e578a9ac7cb2fe6499189a
- SSDEEP: 24576:Vysc8c91t0G0NcChw3o1OmUX5M+bWWxxharHfBFCiL9JxyyCXKcLaSALR:w112GMBi2UJzyGYrPCij4yC6ZSA
Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: cbecc0e3f9de795aec8153c04fb0a49aea5aafd75432308b144787bcb2e3ed26.exe
  - Resource: win10v2004-20230220-en
Malware Config
Extracted (family: redline)
- Botnet: rouch
- C2: 193.56.146.11:4162
- auth_value: 1b1735bcfc122c708eae27ca352568de
Extracted (family: redline)
- Botnet: durov
- C2: 193.56.146.11:4162
- auth_value: 337984645d237df105d30aab7013119f
Targets
- Target: cbecc0e3f9de795aec8153c04fb0a49aea5aafd75432308b144787bcb2e3ed26 (1.1MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.