General
Target: 20794860791f8b12672eb6a15666b3643cafca3b284d874c89b7938ebf54d36f
Size: 576KB
Sample: 230309-chj6kaab58
MD5: ccff72bb1ee962025c17425eb519a845
SHA1: ccb927256cf9f9f9c24bf37e21129347c5dc3005
SHA256: 20794860791f8b12672eb6a15666b3643cafca3b284d874c89b7938ebf54d36f
SHA512: 2e02341d224fcc60d3ce9cc44de8715f835fe34007d44853b0b42ee3282c816a5b075f05f43a22adf11bfeb4f4f39344d0ed1d6a85181a9c450dcd9e33d6322f
SSDEEP: 12288:uMrQy90iahimz7AuxqVkTqNzTMly6mjfFCBy9D57:WyXsVAuxYkTq5ufMfIg97
Static task: static1
Behavioral task: behavioral1
Sample: 20794860791f8b12672eb6a15666b3643cafca3b284d874c89b7938ebf54d36f.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: mango
C2: 193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23
Targets
Target: 20794860791f8b12672eb6a15666b3643cafca3b284d874c89b7938ebf54d36f
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.