Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
331d29d790c435fc229fdd9cfd5e1eaa449851df24b670d3ad528eddce4ce109
-
Size
659KB
-
Sample
230304-d5ttysbh71
-
MD5
0da70b7b891b432062dd018bccede909
-
SHA1
ff177f625ddc986a1a7d6900d724b9139617da6d
-
SHA256
331d29d790c435fc229fdd9cfd5e1eaa449851df24b670d3ad528eddce4ce109
-
SHA512
6125e81a1f837517c2132114e08410a03f7623765fcd00267555da06bfb0feacdf6113662547b7317cdc9de9722a9dea173c8c0fb1adbd29b931fa1e227ccb27
-
SSDEEP
12288:jMrvy90BoC6rwtbT1U1GlKZakXR87qS4ZjQZax51SFMzOhge:gyUoC6UtT1U2KZaUeTaf4Gyie
Static task
static1
Behavioral task
behavioral1
Sample
331d29d790c435fc229fdd9cfd5e1eaa449851df24b670d3ad528eddce4ce109.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
rosto
hueref.eu:4162
-
auth_value
07d81eba8cad42bbd0ae60042d48eac6
Extracted
redline
foksa
hueref.eu:4162
-
auth_value
6a9b2601a21672b285de3ed41b5402e4
Targets
-
-
Target
331d29d790c435fc229fdd9cfd5e1eaa449851df24b670d3ad528eddce4ce109
-
Size
659KB
-
MD5
0da70b7b891b432062dd018bccede909
-
SHA1
ff177f625ddc986a1a7d6900d724b9139617da6d
-
SHA256
331d29d790c435fc229fdd9cfd5e1eaa449851df24b670d3ad528eddce4ce109
-
SHA512
6125e81a1f837517c2132114e08410a03f7623765fcd00267555da06bfb0feacdf6113662547b7317cdc9de9722a9dea173c8c0fb1adbd29b931fa1e227ccb27
-
SSDEEP
12288:jMrvy90BoC6rwtbT1U1GlKZakXR87qS4ZjQZax51SFMzOhge:gyUoC6UtT1U2KZaUeTaf4Gyie
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-