General
- Target: 39da6daa95ea93726cc20cfaaf17ad7e7659b5a5fb2928f34be8679b6d987103
- Size: 560KB
- Sample: 230306-p7c5rscd45
- MD5: c157049b914f3024400917c2c1897836
- SHA1: fd4653c6777e729cf4f2393a3565643fb4340e09
- SHA256: 39da6daa95ea93726cc20cfaaf17ad7e7659b5a5fb2928f34be8679b6d987103
- SHA512: 1b90e3d6eff07d2e4e6cc0659095f447741c6d4b0e75ab24bb91c957e8b1e9931f4b2dc2968309b0ee6a5fdeb141f9c883ada06fd229e9b6f5eb506f780d0cbc
- SSDEEP: 12288:xMrqy90stAM3tKcg8LQsLcBC8hXRP8FIBkiT:LyB3tAyZo7hXiIyiT
Static task: static1
Behavioral task: behavioral1
- Sample: 39da6daa95ea93726cc20cfaaf17ad7e7659b5a5fb2928f34be8679b6d987103.exe
- Resource: win10-20230220-en
Malware Config
- Extracted: redline
  fud
  193.233.20.27:4123
  auth_value: cddc991efd6918ad5321d80dac884b40
- Extracted: redline
  fabio
  193.233.20.27:4123
  auth_value: 56b82736c3f56b13be8e64c87d2cf9e5
Targets
- Target: 39da6daa95ea93726cc20cfaaf17ad7e7659b5a5fb2928f34be8679b6d987103
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.