General
-
Target
a5b64e80944a8bc466b913ba5c246eb24ed63f533c8beb15ccd697191fe165b1
-
Size
551KB
-
Sample
230302-swljjsde28
-
MD5
1a0a9f0c29a3f2b902cc7964d1490d21
-
SHA1
eccbf588d28ed6365b807f8bcc84098cc3bab829
-
SHA256
a5b64e80944a8bc466b913ba5c246eb24ed63f533c8beb15ccd697191fe165b1
-
SHA512
7bd062037c005f9342f5354b1dafe1b0c0351801e9115f7b5ee7bc54c92904844c8b2c5276494609000fe923eb626c32758c55696051b14c2df3578e067206ee
-
SSDEEP
12288:JMrgy90dRvVAYbZ3gdnoceEwzLu8duuQ2M4fS:xyeV7b2oUk68YOM46
Static task
static1
Behavioral task
behavioral1
Sample
a5b64e80944a8bc466b913ba5c246eb24ed63f533c8beb15ccd697191fe165b1.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
Family
redline
Botnet
stek
C2
melevv.eu:4162
Attributes
auth_value
4205381daf6946b2df5fe3bc7eacc918
Extracted
Family
redline
Botnet
fomich
C2
melevv.eu:4162
Attributes
auth_value
b018e52ac946001794d8b8c23e901859
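The digests under General and the C2 / auth_value pairs in the two extracted configs are the reusable indicators on this page. The Python below is an added example, not part of the tria.ge report: it confirms a file on disk against every listed digest, looks for the config strings in a memory dump or strings output, and correlates Zeek-style dns.log and conn.log rows to flag traffic to melevv.eu:4162. The log rows, client hosts, UIDs and the resolved address 203.0.113.7 are constructed for the example; the IOC values are copied from the report.

```python
import hashlib
from typing import Dict, List, Tuple

# Indicators copied from the report above.
SAMPLE_HASHES: Dict[str, str] = {
    "md5": "1a0a9f0c29a3f2b902cc7964d1490d21",
    "sha1": "eccbf588d28ed6365b807f8bcc84098cc3bab829",
    "sha256": "a5b64e80944a8bc466b913ba5c246eb24ed63f533c8beb15ccd697191fe165b1",
    "sha512": "7bd062037c005f9342f5354b1dafe1b0c0351801e9115f7b5ee7bc54c92904844c8b2c5276494609000fe923eb626c32758c55696051b14c2df3578e067206ee",
}
C2_HOST = "melevv.eu"
C2_PORT = "4162"
# auth_value -> botnet name, one pair per extracted config.
AUTH_VALUES = {
    "4205381daf6946b2df5fe3bc7eacc918": "stek",
    "b018e52ac946001794d8b8c23e901859": "fomich",
}

# Constructed Zeek-style logs ('#fields' header, tab-separated rows). Hosts, UIDs,
# timestamps and the resolved C2 address are invented; only the query name is real.
DNS_LOG = "\n".join([
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tquery\tanswers",
    "1677783601.1\tC1\t10.0.0.5\t51000\t10.0.0.1\t53\tmelevv.eu\t203.0.113.7",
    "1677783602.2\tC2\t10.0.0.5\t51001\t10.0.0.1\t53\tupdate.example.net\t198.51.100.2",
])
CONN_LOG = "\n".join([
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1677783603.3\tC3\t10.0.0.5\t52000\t203.0.113.7\t4162\ttcp",
    "1677783604.4\tC4\t10.0.0.5\t52001\t198.51.100.2\t443\ttcp",
    "1677783605.5\tC5\t10.0.0.9\t52002\t203.0.113.7\t80\ttcp",
])


def file_hashes(data: bytes) -> Dict[str, str]:
    """Digest the bytes with every algorithm the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in SAMPLE_HASHES}


def matches_sample(data: bytes) -> bool:
    """All digests must agree; one mismatch means a different file, not a near match."""
    return file_hashes(data) == SAMPLE_HASHES


def config_indicators_in(blob: bytes) -> List[str]:
    """Labels of config strings (C2 host, auth_values) found in a process dump or
    strings output, to tie a running process back to one of the two configs."""
    found = []
    if C2_HOST.encode() in blob:
        found.append("c2:" + C2_HOST)
    for value, botnet in AUTH_VALUES.items():
        if value.encode() in blob:
            found.append("botnet:" + botnet)
    return found


def parse_zeek(text: str) -> List[Dict[str, str]]:
    """Turn a Zeek TSV log into dicts keyed by the names in the '#fields' header."""
    fields: List[str] = []
    rows: List[Dict[str, str]] = []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def find_c2_hits(dns_log: str, conn_log: str) -> List[Tuple[str, str, str]]:
    """(conn uid, client, strength) for traffic attributable to the C2.
    'strong' = an address the C2 name resolved to, on the configured port;
    'weak' = the same address on another port, still worth a look because the
    host, not the port, is the durable indicator."""
    resolved = set()
    for rec in parse_zeek(dns_log):
        if rec.get("query", "").lower() == C2_HOST:
            resolved.update(a for a in rec.get("answers", "").split(",") if a)
    hits = []
    for rec in parse_zeek(conn_log):
        if rec["id.resp_h"] in resolved:
            strength = "strong" if rec["id.resp_p"] == C2_PORT else "weak"
            hits.append((rec["uid"], rec["id.orig_h"], strength))
    return hits


if __name__ == "__main__":
    for uid, client, strength in find_c2_hits(DNS_LOG, CONN_LOG):
        print(f"{strength}: {client} -> {C2_HOST} (conn {uid})")
```

Hash comparison is all-or-nothing on purpose: a partial match of MD5 but not SHA256 would mean the report (or the file) was tampered with, not that the file is "close". The DNS step matters because the config carries a hostname; a conn.log filter on port 4162 alone would miss the C2 once it moves ports and would false-positive on unrelated traffic.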
Targets
-
-
Target
a5b64e80944a8bc466b913ba5c246eb24ed63f533c8beb15ccd697191fe165b1
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
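Of the behaviours listed, two leave a trail that Sysmon records: the dropped EXE being written (EventID 11) and then started (EventID 1), and the Run value being set (EventID 13). The Uninstall-key lookup is a registry read, which Sysmon's registry events (create/delete, value set, rename) do not capture, so it is not detectable this way. The Python below is an added example, not from the report, that runs those two checks over constructed, simplified Sysmon events; the paths, SID and value name are invented.

```python
import re
from typing import Dict, Iterable, List, Tuple

Event = Dict[str, str]

# Constructed, simplified Sysmon events (EventID plus the fields the checks use),
# in log order. Paths, SID and value name are invented for the example.
EVENTS: List[Event] = [
    {"EventID": "1", "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": "11", "Image": r"C:\Users\u\Desktop\sample.exe",
     "TargetFilename": r"C:\Users\u\AppData\Local\Temp\upd.exe"},
    {"EventID": "1", "Image": r"C:\Users\u\AppData\Local\Temp\upd.exe",
     "ParentImage": r"C:\Users\u\Desktop\sample.exe"},
    {"EventID": "13", "Image": r"C:\Users\u\AppData\Local\Temp\upd.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\upd",
     "Details": r"C:\Users\u\AppData\Local\Temp\upd.exe"},
    # Benign: an installer writing its own Uninstall entry is not persistence.
    {"EventID": "13", "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Foo\DisplayName",
     "Details": "Foo 1.0"},
]

# Run and RunOnce under any hive (HKLM, HKU\<sid>, HKCU) and any Wow6432Node path.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Directories an unprivileged user can write to; legitimate autostarts rarely live there.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|Users\\Public|ProgramData)\\", re.IGNORECASE)


def dropped_and_executed(events: Iterable[Event]) -> List[Tuple[str, str]]:
    """(dropper, dropped_path) for every file written by one process (EID 11)
    and afterwards started as a process (EID 1). The events are walked once in
    log order, so a launch that precedes the write is not counted."""
    dropped: Dict[str, str] = {}   # lowercase dropped path -> dropper image
    hits: List[Tuple[str, str]] = []
    for ev in events:
        if ev["EventID"] == "11":
            dropped[ev["TargetFilename"].lower()] = ev["Image"]
        elif ev["EventID"] == "1":
            dropper = dropped.get(ev["Image"].lower())
            if dropper:
                hits.append((dropper, ev["Image"]))
    return hits


def run_key_persistence(events: Iterable[Event]) -> List[Tuple[str, str, bool]]:
    """(value_path, command, from_user_writable_dir) for every Run/RunOnce value
    set (EID 13). The boolean is a severity hint: software that legitimately
    registers an autostart normally points at Program Files, not Temp/AppData."""
    hits: List[Tuple[str, str, bool]] = []
    for ev in events:
        if ev["EventID"] == "13" and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            command = ev.get("Details", "")
            hits.append((ev["TargetObject"], command,
                         bool(USER_WRITABLE_RE.search(command))))
    return hits


if __name__ == "__main__":
    for dropper, path in dropped_and_executed(EVENTS):
        print(f"dropped and executed: {path} (written by {dropper})")
    for value, command, risky in run_key_persistence(EVENTS):
        print(f"Run key set: {value} -> {command}{' [user-writable path]' if risky else ''}")
```

Both checks are deliberately narrow: the drop-then-execute rule keys on the exact written path rather than on "any process from Temp", and the Run-key rule reports the path it was given rather than deciding on its own what is malicious, so the user-writable flag can be tuned per environment without changing the match.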