General
- Target: 88e8bbeb8ff3e65cc5a8a562ad75ffb5.exe
- Size: 1.2MB
- Sample: 230302-nqkmvacd3v
- MD5: 88e8bbeb8ff3e65cc5a8a562ad75ffb5
- SHA1: 3822798f280ebf79013934f5a34654f6cd0873a4
- SHA256: ea5aa739b4e95d86b19d2f3a1f332cc56463093c93861e7386bcf3b8d651d6c5
- SHA512: 4c1084f131dd0337742cdd1e8aa13f535da77e51e22a0d7070a33c3ff10a743aeba1307de0842cebe43c4b8b4a39a6b0b0c13b07cb31ed6dd2634f40f0dfa725
- SSDEEP: 24576:ly3PDsJS0rBzX6e/Cf7lIY5/PofVlZNG/i3ldz0/+5VBYxrzlF659QA:A/AVrlqeQIY5/PofDjG61dz0WjBYFlF
Static task
- static1
Behavioral tasks
- behavioral1: Sample 88e8bbeb8ff3e65cc5a8a562ad75ffb5.exe, Resource win7-20230220-en
- behavioral2: Sample 88e8bbeb8ff3e65cc5a8a562ad75ffb5.exe, Resource win10v2004-20230220-en
Malware Config
Extracted: redline
- Botnet: rouch
- C2: 193.56.146.11:4162
- auth_value: 1b1735bcfc122c708eae27ca352568de
Extracted: redline
- Botnet: durov
- C2: 193.56.146.11:4162
- auth_value: 337984645d237df105d30aab7013119f
Both extracted configs point at the same C2 endpoint and differ only in botnet name and auth_value.
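The two configs above yield a single distinct C2 endpoint. The Python below is an added example, not part of the Triage report or of any Hatching tooling: it parses the extracted values, deduplicates the C2, emits one Suricata rule per distinct endpoint, and matches Zeek conn.log records against it. The Suricata sid range and the conn.log lines are constructed assumptions; the IP, port, botnet names and auth_values are copied from the report.

```python
"""Turn the RedLine configs extracted above into network detections (added example)."""
import ipaddress
from dataclasses import dataclass

# Values copied from this report's "Malware Config" section.
EXTRACTED_CONFIGS = [
    {"family": "redline", "botnet": "rouch", "c2": "193.56.146.11:4162",
     "auth_value": "1b1735bcfc122c708eae27ca352568de"},
    {"family": "redline", "botnet": "durov", "c2": "193.56.146.11:4162",
     "auth_value": "337984645d237df105d30aab7013119f"},
]


@dataclass(frozen=True, order=True)
class C2Endpoint:
    ip: str
    port: int


def parse_c2(value: str) -> C2Endpoint:
    """Split 'host:port'; both configs here use a bare IPv4 literal, so validate it as one."""
    host, _, port = value.rpartition(":")
    ipaddress.ip_address(host)  # raises ValueError on anything that is not an IP literal
    return C2Endpoint(host, int(port))


def unique_c2s(configs):
    """Both configs share one C2 and differ only in botnet name and auth_value, so dedupe."""
    return sorted({parse_c2(c["c2"]) for c in configs})


def suricata_rules(configs, base_sid=9000001):
    """One Suricata rule per distinct C2 endpoint. The sid base is an assumption; use your own range."""
    rules = []
    for i, ep in enumerate(unique_c2s(configs)):
        botnets = ",".join(sorted({c["botnet"] for c in configs if parse_c2(c["c2"]) == ep}))
        rules.append(
            f'alert tcp $HOME_NET any -> {ep.ip} {ep.port} '
            f'(msg:"RedLine Stealer C2 ({botnets})"; flow:to_server; '
            f'sid:{base_sid + i}; rev:1;)'
        )
    return rules


# Constructed Zeek conn.log-style records (not from the report), tab-separated:
# ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto
SAMPLE_CONN_LOG = """\
1677756000.100000\tCabc1\t10.0.0.5\t49712\t193.56.146.11\t4162\ttcp
1677756001.200000\tCabc2\t10.0.0.5\t49713\t93.184.216.34\t443\ttcp
1677756002.300000\tCabc3\t10.0.0.7\t51000\t193.56.146.11\t80\ttcp
"""


def match_conn_log(log_text, configs, ip_only=False):
    """Return (uid, orig_h, endpoint) for each connection to a configured C2.

    Exact ip:port by default; ip_only=True also catches the same host on other
    ports, at the cost of more false positives if the address is shared hosting.
    """
    wanted = set(unique_c2s(configs))
    wanted_ips = {ep.ip for ep in wanted}
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split("\t")
        resp = C2Endpoint(f[4], int(f[5]))
        if resp in wanted or (ip_only and resp.ip in wanted_ips):
            hits.append((f[1], f[2], resp))
    return hits


if __name__ == "__main__":
    for rule in suricata_rules(EXTRACTED_CONFIGS):
        print(rule)
    for uid, src, ep in match_conn_log(SAMPLE_CONN_LOG, EXTRACTED_CONFIGS):
        print(f"{uid}: {src} -> {ep.ip}:{ep.port}")
```

With the constructed log, only the first record (port 4162) matches by default; the third record reaches the same address on port 80 and is reported only with ip_only=True, which is the trade-off to weigh when an infrastructure IP may host unrelated services.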
Targets
- Target: 88e8bbeb8ff3e65cc5a8a562ad75ffb5.exe (1.2MB; MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the values listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
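The signatures above describe host behaviour the sandbox observed. As an added example, not part of the Triage report, the Python below checks Sysmon-style telemetry for three of them (dropped EXE execution, dropped DLL load, Run-key persistence), tracking the sample's process tree so that only activity descended from it is attributed. The event records, dropped file names and registry value name are constructed, since the report does not list them; only the sample's file name is taken from the report.

```python
"""Match Sysmon-style endpoint events against the behaviours listed for this sample (added example)."""
import re

# Run / RunOnce persistence locations; matches HKLM, HKCU and HKU\<SID> paths alike.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
# Locations an unprivileged process can write to; a dropped payload normally lands here.
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\", "\\programdata\\")


def is_user_writable(path):
    return any(tok in path.lower() for tok in USER_WRITABLE)


# Constructed events, NOT taken from the report (it names no dropped files or key paths).
# Field names follow Sysmon: EventID 1 ProcessCreate, 7 ImageLoad, 11 FileCreate, 13 RegistryValueSet.
SAMPLE = "C:\\Users\\victim\\Desktop\\88e8bbeb8ff3e65cc5a8a562ad75ffb5.exe"
DROPPED_EXE = "C:\\Users\\victim\\AppData\\Local\\Temp\\updater.exe"
DROPPED_DLL = "C:\\Users\\victim\\AppData\\Local\\Temp\\helper.dll"
EVENTS = [
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": DROPPED_EXE},
    {"EventID": 1, "ParentImage": SAMPLE, "Image": DROPPED_EXE},
    {"EventID": 11, "Image": DROPPED_EXE, "TargetFilename": DROPPED_DLL},
    {"EventID": 7, "Image": DROPPED_EXE, "ImageLoaded": DROPPED_DLL},
    {"EventID": 13, "Image": DROPPED_EXE,
     "TargetObject": "HKU\\S-1-5-21-1-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "Details": DROPPED_EXE},
    {"EventID": 1, "ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Windows\\System32\\notepad.exe"},
]


def triage(events, sample_image=SAMPLE):
    """Return {signature name: [evidence, ...]} using the report's own signature names."""
    tree = {sample_image.lower()}   # the sample and every process descended from it
    dropped = set()                 # files written by anything in that tree
    findings = {}

    def add(sig, evidence):
        findings.setdefault(sig, []).append(evidence)

    for ev in events:
        eid, image = ev["EventID"], ev.get("Image", "").lower()
        if eid == 11 and image in tree:
            dropped.add(ev["TargetFilename"].lower())
        elif eid == 1 and ev.get("ParentImage", "").lower() in tree:
            tree.add(image)
            # Prefer FileCreate evidence; fall back to the path heuristic when a
            # filtered Sysmon config did not record the write.
            if image in dropped or is_user_writable(image):
                add("Executes dropped EXE", ev["Image"])
        elif eid == 7 and image in tree:
            loaded = ev["ImageLoaded"]
            if loaded.lower() in dropped or is_user_writable(loaded):
                add("Loads dropped DLL", loaded)
        elif eid == 13 and image in tree and RUN_KEY_RE.search(ev["TargetObject"]):
            add("Adds Run key to start application", f'{ev["TargetObject"]} = {ev["Details"]}')
    return findings


if __name__ == "__main__":
    for sig, evidence in triage(EVENTS).items():
        print(sig, "->", evidence)
```

The notepad.exe event in the constructed data is ignored because its parent is not in the sample's process tree. Sysmon does not record registry reads or ordinary file reads, so the remaining signatures (Uninstall key enumeration, wallet file access) need a live host check or file-access auditing rather than this event stream.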