Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
f65a89f6d7b12cc4972278bd37dd813709efdff2074825a2b32499d485caaccf
-
Size
569KB
-
Sample
230308-1hnezsgb8z
-
MD5
dd6103aab40fe105ecd39e4f5db83fe4
-
SHA1
8aa367127ce6ebe413ed923b77975436ccbb2525
-
SHA256
f65a89f6d7b12cc4972278bd37dd813709efdff2074825a2b32499d485caaccf
-
SHA512
24bc6978cec0f690fce8a3610d80a73aab31e6ab61b8a759a1b86ddffeb703856d9557aea47a2a734b233a48b96f0d63bd0c927b2b6986f4dc7963af75b37a52
-
SSDEEP
12288:RMrsy90gahimz7AuxqVrhAfM7hjpKewASe4Ts3q:5y5sVAuxY1T738pL
Static task
static1
Behavioral task
behavioral1
Sample
f65a89f6d7b12cc4972278bd37dd813709efdff2074825a2b32499d485caaccf.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
mango
193.233.20.28:4125
-
auth_value
ecf79d7f5227d998a3501c972d915d23
Targets
-
-
Target
f65a89f6d7b12cc4972278bd37dd813709efdff2074825a2b32499d485caaccf
-
Size
569KB
-
MD5
dd6103aab40fe105ecd39e4f5db83fe4
-
SHA1
8aa367127ce6ebe413ed923b77975436ccbb2525
-
SHA256
f65a89f6d7b12cc4972278bd37dd813709efdff2074825a2b32499d485caaccf
-
SHA512
24bc6978cec0f690fce8a3610d80a73aab31e6ab61b8a759a1b86ddffeb703856d9557aea47a2a734b233a48b96f0d63bd0c927b2b6986f4dc7963af75b37a52
-
SSDEEP
12288:RMrsy90gahimz7AuxqVrhAfM7hjpKewASe4Ts3q:5y5sVAuxY1T738pL
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-