General
- Target: 5a3486545ad0bd7a4e261859218f4e17e488c548754a179ef826ba2558431b03
- Size: 546KB
- Sample: 230303-tave1aab85
- MD5: a6a17ee1d667a8134347bdc23323ce98
- SHA1: 320990bcb550a6d260fbf61beb3c9bed9700807a
- SHA256: 5a3486545ad0bd7a4e261859218f4e17e488c548754a179ef826ba2558431b03
- SHA512: 1d6ea325a7c0a02aa246d7d01af74d7eff742ea0869bd5ec0ee02e1777ba8fc90808068cafbd5d8bf2d13ec741568a2572642b190d4e7d72fca079d69da9573b
- SSDEEP: 12288:YMrZy90sh2Do7vIxuSKsmlX1+1Z1NJOtslMfc4Niqn3MtDPFcxAjf+:hy/23uSKsmh1+1Z1N4tY4cnDdljm
Static task: static1
Behavioral task: behavioral1
- Sample: 5a3486545ad0bd7a4e261859218f4e17e488c548754a179ef826ba2558431b03.exe
- Resource: win10-20230220-en
Malware Config
Extracted
- Family: redline
- Botnet: rosto
- C2: hueref.eu:4162
- auth_value: 07d81eba8cad42bbd0ae60042d48eac6
Extracted
- Family: redline
- Botnet: foksa
- C2: hueref.eu:4162
- auth_value: 6a9b2601a21672b285de3ed41b5402e4
Targets
- Target: 5a3486545ad0bd7a4e261859218f4e17e488c548754a179ef826ba2558431b03 (size and hashes as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.