General
Target: bcb8618e8912c45f49b34de0c29316d3897028a03033a317403c00576a0ad53d
Size: 550KB
Sample: 230308-ew8r7aea24
MD5: 1943ff8bdd2c83613e2e50b8fb82d068
SHA1: 2538074a8c0671436be0ee331ddf41dfbee53303
SHA256: bcb8618e8912c45f49b34de0c29316d3897028a03033a317403c00576a0ad53d
SHA512: 9444c4d6dd00349b14aca58fbb456e955081eb44f40de72d8cde80450a972edec7572011a1d4c1016cde8655a030529d88ca8f146fdf119d2d443c8819722232
SSDEEP: 12288:jMruy90Tahimz7AuxqVlVWvo6dfmG85DXHhzjGy:xyesVAuxYj+6Dlh
Static task: static1
Behavioral task: behavioral1
Sample: bcb8618e8912c45f49b34de0c29316d3897028a03033a317403c00576a0ad53d.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted
Family: redline
Botnet: fud
C2: 193.233.20.27:4123
auth_value: cddc991efd6918ad5321d80dac884b40
Targets
Target: bcb8618e8912c45f49b34de0c29316d3897028a03033a317403c00576a0ad53d
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.