General
Target: 50f4f989e4b657e02224738e464f133f5898c16e8a5b90be7c984075b2eb27d7
Size: 526KB
Sample: 230305-ze99xagg9y
MD5: 6e4a4fd89a439b8a7206438652275c8d
SHA1: 1d807090fa108056c9d9016c873b2e2de5347c87
SHA256: 50f4f989e4b657e02224738e464f133f5898c16e8a5b90be7c984075b2eb27d7
SHA512: 3f7e9b20d13febad7da1349433280e4a83c69291e20344d83b3964758e13b2de2382fca373123c69be58d43e92332b70dc12b04a093c950987077e89538c9f08
SSDEEP: 12288:gMrdy90IYCLd4Nrvcx7eH2KutT1ZyVYN5Jp7:Ny4CLdaLWKKwuTp7
Static task: static1
Behavioral task: behavioral1
Sample: 50f4f989e4b657e02224738e464f133f5898c16e8a5b90be7c984075b2eb27d7.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
redline
fud
193.233.20.27:4123
auth_value: cddc991efd6918ad5321d80dac884b40
Extracted
redline
fabio
193.233.20.27:4123
auth_value: 56b82736c3f56b13be8e64c87d2cf9e5
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.