Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
c146bcd7b77238b6ef7823c8ec8f389c2337f80d76a6f60fe2c781f124424750
-
Size
873KB
-
Sample
230303-s21weshf2w
-
MD5
57e51238f3821ad466fcd8f251aba278
-
SHA1
080026889877b2a90e7928085f334af1b19fb42b
-
SHA256
c146bcd7b77238b6ef7823c8ec8f389c2337f80d76a6f60fe2c781f124424750
-
SHA512
82551b3a40adef971cf93d1544ea2f90ff65bd032fd631b5580a65f640cfaa065f2d8167003ad20e120919d74fdfdd873402639a7d4985940ade279f49add255
-
SSDEEP
12288:AMrvy9077sdZeFnI/9rQLaCLedTT3vDGCzAABt0B0WCAh/GHf4Q+PYfa:/yKoHeFI1q0TGCwCu/AgQsYfa
Static task
static1
Behavioral task
behavioral1
Sample
c146bcd7b77238b6ef7823c8ec8f389c2337f80d76a6f60fe2c781f124424750.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
redline
rosto
hueref.eu:4162
-
auth_value
07d81eba8cad42bbd0ae60042d48eac6
Extracted
amadey
3.68
193.233.20.25/buH5N004d/index.php
Targets
-
-
Target
c146bcd7b77238b6ef7823c8ec8f389c2337f80d76a6f60fe2c781f124424750
-
Size
873KB
-
MD5
57e51238f3821ad466fcd8f251aba278
-
SHA1
080026889877b2a90e7928085f334af1b19fb42b
-
SHA256
c146bcd7b77238b6ef7823c8ec8f389c2337f80d76a6f60fe2c781f124424750
-
SHA512
82551b3a40adef971cf93d1544ea2f90ff65bd032fd631b5580a65f640cfaa065f2d8167003ad20e120919d74fdfdd873402639a7d4985940ade279f49add255
-
SSDEEP
12288:AMrvy9077sdZeFnI/9rQLaCLedTT3vDGCzAABt0B0WCAh/GHf4Q+PYfa:/yKoHeFI1q0TGCwCu/AgQsYfa
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-