General
Target: d97b60f4850c1f39e4aaecd2f4036328ee8b5cfcc28b16c72ca53c2326d049b6
Size: 392KB
Sample: 230309-a2ap5ahg83
MD5: 93fd4254348af868de495d6faf8a01dd
SHA1: 00c0d87e84163370edf6dce2d2df276c966c8fac
SHA256: d97b60f4850c1f39e4aaecd2f4036328ee8b5cfcc28b16c72ca53c2326d049b6
SHA512: c5c5886799b6a3a90e00d3a0794f75f3d5a139504ccf626d5384cd94348f491f8767a9a3f840c461af91fb9a19d8fdaf2497d50817ec4bb62d2f5eac56c354ba
SSDEEP: 6144:KGy+bnr+Zp0yN90QEBaLeaUAjviz02E9+zqBbQlbJVeAJT8zl/D4aolh6L:SMrJy90QeaUAjY029aQp0zWaL
Static task: static1
Behavioral task: behavioral1
Sample: d97b60f4850c1f39e4aaecd2f4036328ee8b5cfcc28b16c72ca53c2326d049b6.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: mango
C2: 193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23
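The extracted config above is only useful once it is turned into something a network sensor or a log sweep can act on. The following is an added example, not tria.ge code or anything from the sample: it takes the family, botnet, C2 and auth_value exactly as reported, emits one Suricata rule per C2 endpoint (an IP rule for literal addresses, a DNS-query rule for hostnames, since a hostname C2 can re-resolve), and matches the C2 against connection records. The flow records, the `base_sid` rule-id range and the record layout are constructed for the example; the only real values are the ones from the report.

```python
import ipaddress

# Config values as extracted on the report page (family / botnet / C2 / auth_value).
EXTRACTED_CONFIG = {
    "family": "redline",
    "botnet": "mango",
    "c2": ["193.233.20.28:4125"],
    "auth_value": "ecf79d7f5227d998a3501c972d915d23",
}

# Constructed flow records, not from the report: "src_ip src_port dst_ip dst_port proto".
SAMPLE_FLOWS = """\
10.0.0.14 51022 193.233.20.28 4125 tcp
10.0.0.14 51023 142.250.74.78 443 tcp
10.0.0.22 49812 193.233.20.28 80 tcp
10.0.0.31 60001 8.8.8.8 53 udp
"""


def parse_c2(entry):
    """Split a 'host:port' C2 entry into (host, port); reject malformed entries."""
    host, sep, port = entry.rpartition(":")
    if not sep or not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"bad C2 entry: {entry!r}")
    return host, int(port)


def is_ip(host):
    """True for a literal IPv4/IPv6 address, False for a hostname."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def suricata_rules(config, base_sid):
    """One Suricata rule per C2 endpoint; base_sid is an assumed local rule-id range."""
    rules = []
    msg = f"RedLine C2 botnet={config['botnet']}"
    for i, entry in enumerate(config["c2"]):
        host, port = parse_c2(entry)
        sid = base_sid + i
        if is_ip(host):
            # Match the outbound TCP connection itself.
            rules.append(
                f"alert tcp $HOME_NET any -> {host} {port} "
                f'(msg:"{msg}"; flow:to_server; sid:{sid}; rev:1;)'
            )
        else:
            # Hostname C2: the IP may change, so alert on the DNS lookup instead.
            rules.append(
                f"alert dns $HOME_NET any -> any any "
                f'(msg:"{msg} dns"; dns.query; content:"{host}"; nocase; sid:{sid}; rev:1;)'
            )
    return rules


def match_flows(config, flow_text):
    """Return flow records whose destination IP *and* port are a configured C2."""
    endpoints = set()
    for entry in config["c2"]:
        host, port = parse_c2(entry)
        if is_ip(host):
            endpoints.add((host, port))
    hits = []
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[3].isdigit():
            continue  # skip malformed records rather than abort the sweep
        if (fields[2], int(fields[3])) in endpoints:
            hits.append(line)
    return hits


if __name__ == "__main__":
    for rule in suricata_rules(EXTRACTED_CONFIG, 1000001):
        print(rule)
    for hit in match_flows(EXTRACTED_CONFIG, SAMPLE_FLOWS):
        print("C2 contact:", hit)
```

Matching requires both the IP and the port: the record to 193.233.20.28 on port 80 is deliberately not a hit, because a stealer panel host can serve unrelated traffic and a port-only or IP-only match produces noise. The auth_value is carried through untouched; it is a per-campaign token in the sample's config, not a network indicator.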
Targets
Target: d97b60f4850c1f39e4aaecd2f4036328ee8b5cfcc28b16c72ca53c2326d049b6
Size: 392KB
MD5: 93fd4254348af868de495d6faf8a01dd
SHA1: 00c0d87e84163370edf6dce2d2df276c966c8fac
SHA256: d97b60f4850c1f39e4aaecd2f4036328ee8b5cfcc28b16c72ca53c2326d049b6
SHA512: c5c5886799b6a3a90e00d3a0794f75f3d5a139504ccf626d5384cd94348f491f8767a9a3f840c461af91fb9a19d8fdaf2497d50817ec4bb62d2f5eac56c354ba
SSDEEP: 6144:KGy+bnr+Zp0yN90QEBaLeaUAjviz02E9+zqBbQlbJVeAJT8zl/D4aolh6L:SMrJy90QeaUAjY029aQp0zWaL
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
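Three of the signatures above ("Adds Run key", "Checks installed software" via the Uninstall key, and the wallet-file access) are behavioural rules over the sample's API activity. The following is an added example of how such rules evaluate, not tria.ge's signature engine and not code from the sample: it runs a small rule set over a constructed API trace in a simplified "pid, API, argument" form. The trace lines, the pids and the wallet directory list (Exodus, Electrum, Ethereum keystore, Atomic, Armory) are assumptions for illustration, not the sample's recorded behaviour. The second process only opens the Run key without writing to it, which should not count as persistence.

```python
import re
from collections import defaultdict

# Constructed API-trace lines, not from the report: "pid<TAB>api<TAB>argument".
SAMPLE_TRACE = """\
1234\tRegOpenKeyExW\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
1234\tRegEnumKeyExW\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip
1234\tRegSetValueExW\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater
1234\tCreateFileW\tC:\\Users\\user\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco
1234\tCreateFileW\tC:\\Users\\user\\AppData\\Roaming\\Electrum\\wallets\\default_wallet
5678\tRegOpenKeyExW\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
5678\tCreateFileW\tC:\\Users\\user\\Documents\\notes.txt
"""

SIG_RUN_KEY = "Adds Run key to start application"
SIG_UNINSTALL = "Checks installed software on the system"
SIG_WALLETS = "Accesses cryptocurrency files/wallets, possible credential harvesting"

# A value written directly under Run/RunOnce (HKCU or HKLM), anchored at the key root.
RUN_KEY = re.compile(
    r"^HK(?:CU|LM)\\Software\\Microsoft\\Windows\\CurrentVersion\\(?:Run|RunOnce)\\.", re.I)
# The Uninstall key itself or any sub-key, including the WOW6432Node view.
UNINSTALL_KEY = re.compile(
    r"^HK(?:CU|LM)\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(?:\\|$)",
    re.I)
# Illustrative wallet data directories (assumption; not the sample's exact target list).
WALLET_PATH = re.compile(
    r"\\AppData\\Roaming\\(?:Exodus|Electrum|Ethereum|atomic|Armory)\\", re.I)


def classify(api, arg):
    """Map one API call to the signature it satisfies, or None."""
    if api.startswith("RegSetValue") and RUN_KEY.match(arg):
        return SIG_RUN_KEY  # a write, not merely opening the key
    if api.startswith(("RegOpenKey", "RegEnumKey")) and UNINSTALL_KEY.match(arg):
        return SIG_UNINSTALL
    if api.startswith(("CreateFile", "FindFirstFile")) and WALLET_PATH.search(arg):
        return SIG_WALLETS
    return None


def evaluate(trace_text):
    """Return {pid: sorted signature names} for every process that triggered at least one."""
    hits = defaultdict(set)
    for line in trace_text.splitlines():
        parts = line.split("\t", 2)
        if len(parts) != 3:
            continue  # ignore malformed trace lines
        pid, api, arg = parts
        sig = classify(api, arg)
        if sig:
            hits[pid].add(sig)
    return {pid: sorted(sigs) for pid, sigs in hits.items()}


if __name__ == "__main__":
    for pid, sigs in evaluate(SAMPLE_TRACE).items():
        print(pid)
        for sig in sigs:
            print("  -", sig)
```

Two design points carry over to real detection content: the Run-key rule keys on the set-value call rather than on key opens, because legitimate software and the shell read Run constantly, and the Uninstall rule matches on the key root so a single open or an enumeration of sub-keys both count. "Executes dropped EXE" is left out here because it needs cross-event state (a file written earlier by the same process tree being executed later), which this single-pass evaluator does not keep.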