General
- Target: f3aa64b3c6141f04799877845e34acb85fef155b680f7cb56e550c14b4dbf112
- Size: 569KB
- Sample: 230308-jmcqlsef94
- MD5: 2d17c6e2f109e53067c040ca4c8dd64d
- SHA1: 9b132c63494e197efc4907cab879382381bf1ffb
- SHA256: f3aa64b3c6141f04799877845e34acb85fef155b680f7cb56e550c14b4dbf112
- SHA512: 33667c5c6083a537162982d7e748de5fcf06e7e38355f03717a6390e2b44bdea975e540a07c7b1fd694e000c2d6e4a10f8cd6e4f7d5355fb6d5a35ec1c8dd750
- SSDEEP: 12288:wMrfy90lahimz7AuxqVsXkpJTzozn4edJyY8Hnx:/yYsVAuxYsIJgzn4edlc

Static task: static1

Behavioral task: behavioral1
- Sample: f3aa64b3c6141f04799877845e34acb85fef155b680f7cb56e550c14b4dbf112.exe
- Resource: win10v2004-20230221-en
Malware Config
Extracted: redline
- fud
- 193.233.20.27:4123
- auth_value: cddc991efd6918ad5321d80dac884b40
Targets
- Target: f3aa64b3c6141f04799877845e34acb85fef155b680f7cb56e550c14b4dbf112
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.