Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
- Target: 7bca9b8c64ac05d8e80ddd2dc5d21f4c3cf4e3b843841b2aaa7c1a1fd80889f7
- Size: 546KB
- Sample: 230304-ffepvacg56
- MD5: 0f062aba922cd4ad2a6042fa0b728cbc
- SHA1: 1441bd1f1312f6b6745f4d9e6e3e82fb3b5c1899
- SHA256: 7bca9b8c64ac05d8e80ddd2dc5d21f4c3cf4e3b843841b2aaa7c1a1fd80889f7
- SHA512: ce219bf1e83ceccc9ad0c633166b84009d22fc5281ba59943c563d7a639a13f6c295c893940803948715498acf349a0355d7258b5bff136854428d841fa3be05
- SSDEEP: 6144:KXy+bnr+2p0yN90QELOSwbSU3feGIeUT7vXyjz6lGh1CIaE/b4756MmOPeR7J4BX:RMrey909U6ecub/TctLfs7eKb+
Static task
- static1
Behavioral task
- behavioral1
  Sample: 7bca9b8c64ac05d8e80ddd2dc5d21f4c3cf4e3b843841b2aaa7c1a1fd80889f7.exe
  Resource: win7-20230220-en
Behavioral task
- behavioral2
  Sample: 7bca9b8c64ac05d8e80ddd2dc5d21f4c3cf4e3b843841b2aaa7c1a1fd80889f7.exe
  Resource: win10-20230220-en
Malware Config
Extracted
- Family: redline
- Botnet: stek
- C2: melevv.eu:4162
- auth_value: 4205381daf6946b2df5fe3bc7eacc918
Extracted
- Family: redline
- Botnet: fomich
- C2: melevv.eu:4162
- auth_value: b018e52ac946001794d8b8c23e901859
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.