General
Target: baeff3e6fdd93bbf488c9ef19b898a8097b4f50bd95018ec7bb1dc8721e86d95
Size: 1.2MB
Sample: 230302-jwbvnsbf4y
MD5: fc9cf8d6a035a8994d630d791d9afc37
SHA1: c5a5a58309cbca7b46ce9b507fc30a60a823048a
SHA256: baeff3e6fdd93bbf488c9ef19b898a8097b4f50bd95018ec7bb1dc8721e86d95
SHA512: 3df3f69895d0754546cec220be05091e88d20b6bf4b7d38fcedd76102290ce48000a3523bbadb54250eb3bfe45a0fb447321ea1e4b47aec9b44e743c19337bca
SSDEEP: 24576:iy03MUficJ9abkEE7U3EP8CQ4b7MO6XJdHMzEhN2GdWLd:JH7KYJE7UUEC9cJdsIT3WL
Static task: static1
Behavioral task: behavioral1
Sample: baeff3e6fdd93bbf488c9ef19b898a8097b4f50bd95018ec7bb1dc8721e86d95.exe
Resource: win10v2004-20230220-en
Malware Config
Two RedLine configurations were extracted from the sample. Both point at the same C2 endpoint and differ only in botnet ID and auth_value, so the C2 address is the indicator to block or hunt for; the auth_value is only observable inside the decrypted C2 traffic or the unpacked configuration.
Extracted: redline
Botnet: rouch
C2: 193.56.146.11:4162
auth_value: 1b1735bcfc122c708eae27ca352568de
Extracted: redline
Botnet: durov
C2: 193.56.146.11:4162
auth_value: 337984645d237df105d30aab7013119f
Targets
Target: baeff3e6fdd93bbf488c9ef19b898a8097b4f50bd95018ec7bb1dc8721e86d95
Size: 1.2MB
RedLine
RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020. It collects browser credentials, cookies, cryptocurrency wallet files and system information and sends them to its C2.
Signatures triggered by this sample:
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application (persistence via a Software\Microsoft\Windows\CurrentVersion\Run value)
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system. This is also done by legitimate installers and inventory tools, so on its own it is a weak signal.
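The extracted C2 endpoint and the "Adds Run key" persistence signature above are the two observations a defender can turn into a hunt. The following Python script is an added example, not part of the tria.ge report or the sandbox's own code: it takes the two RedLine configurations from the report as they appear above, and scans Sysmon-style events for connections to the C2 endpoint and for writes under a Run/RunOnce key. The event log lines are constructed for the demo, and their field layout (a minimal JSON rendering of Sysmon Event ID 3 network connections and Event ID 13 registry value writes) is an assumption; the auth_value fields are carried along for reference but are not matched, since they never appear in host or flow logs.

```python
"""Hunt for the RedLine indicators from the report in Sysmon-style events.

Added example; the configs are copied from the report, the events below
are constructed and the JSON field names are an assumed rendering of
Sysmon Event IDs 3 (network connect) and 13 (registry value set).
"""
import json
import re

# Both extracted configurations, as shown in the report above.
REDLINE_CONFIGS = [
    {"botnet": "rouch", "c2": "193.56.146.11:4162",
     "auth_value": "1b1735bcfc122c708eae27ca352568de"},
    {"botnet": "durov", "c2": "193.56.146.11:4162",
     "auth_value": "337984645d237df105d30aab7013119f"},
]

# Autostart locations behind the "Adds Run key to start application" signature.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\",
    re.IGNORECASE,
)

# Constructed sample events: one C2 beacon, one benign TLS connection,
# one Run-key write by the dropped executable, one benign Uninstall-key
# write (the noisy software-enumeration behaviour that is not alerted on).
SAMPLE_EVENTS = [
    {"EventID": 3, "Image": r"C:\Users\victim\AppData\Local\Temp\baeff3e6.exe",
     "DestinationIp": "193.56.146.11", "DestinationPort": 4162},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "142.250.74.46", "DestinationPort": 443},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\baeff3e6.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\Updater\svc.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\App1\DisplayName",
     "Details": "App1"},
]


def c2_endpoints(configs):
    """Return the set of (ip, port) tuples named in the extracted configs."""
    endpoints = set()
    for cfg in configs:
        host, port = cfg["c2"].rsplit(":", 1)
        endpoints.add((host, int(port)))
    return endpoints


def hunt(events, configs=REDLINE_CONFIGS):
    """Return (rule, image, detail) hits for C2 connects and Run-key writes."""
    endpoints = c2_endpoints(configs)
    hits = []
    for ev in events:
        if ev.get("EventID") == 3:
            dst = (ev["DestinationIp"], int(ev["DestinationPort"]))
            if dst in endpoints:
                hits.append(("redline_c2_connect", ev["Image"], "%s:%d" % dst))
        elif ev.get("EventID") == 13:
            target = ev.get("TargetObject", "")
            if RUN_KEY_RE.search(target):
                hits.append(("run_key_persistence", ev["Image"], target))
    return hits


def hunt_jsonl(text, configs=REDLINE_CONFIGS):
    """Parse newline-delimited JSON events (one per line) and run hunt()."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    return hunt(events, configs)


if __name__ == "__main__":
    for rule, image, detail in hunt(SAMPLE_EVENTS):
        print(rule, image, detail)
```

Against the constructed events the script reports exactly two hits: the connection to 193.56.146.11:4162 and the Run-key value written by the dropped executable. The Uninstall-key write is deliberately not alerted on; as noted above, software enumeration is common in legitimate processes and only becomes interesting when correlated with the other two behaviours from the same process.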