General
Target: fa2dacfff38ba6648f3b14112a9c185c52bfed981b9ff7b2c317a78950764276
Size: 409KB
Sample: 230309-j46p1sbc92
MD5: 5d1652da7e3520834f497fae78185e0e
SHA1: 4c84d1f92fb1555e0cff7a2e2df12cad2460c9f5
SHA256: fa2dacfff38ba6648f3b14112a9c185c52bfed981b9ff7b2c317a78950764276
SHA512: 0fd263299bad8403505e6aabda64e0477d50331d0dbda1602cf65012a4177ea8dc577e84f6f05e5a95539d243b0067bc6c0cd37982034fc8ec96bf5052f6b121
SSDEEP: 6144:Key+bnr++p0yN90QE7/V/UCt9D7yNtxbHSLj1v6xULrXDalQpivx7eod8yAs:OMr+y90/8Ct9DQtBAJlLfZ0vx7gs
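Before working from this report, confirm that the file on your disk is the one it describes. The following is an added example, not code from tria.ge: it recomputes the four digests listed above in a single pass and reports any that disagree with the report. The `hash_bytes` helper exists only so the routine can be exercised on constructed in-memory input (the empty byte string in the usage note) without the real sample.

```python
import hashlib

# Digests exactly as listed in the report's General section.
REPORT_HASHES = {
    "md5": "5d1652da7e3520834f497fae78185e0e",
    "sha1": "4c84d1f92fb1555e0cff7a2e2df12cad2460c9f5",
    "sha256": "fa2dacfff38ba6648f3b14112a9c185c52bfed981b9ff7b2c317a78950764276",
    "sha512": "0fd263299bad8403505e6aabda64e0477d50331d0dbda1602cf65012a4177ea8d"
              "c577e84f6f05e5a95539d243b0067bc6c0cd37982034fc8ec96bf5052f6b121",
}


def _new_hashers():
    """One hasher per algorithm named in the report, so the file is read once."""
    return {name: hashlib.new(name) for name in REPORT_HASHES}


def _finish(hashers):
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> dict:
    """Digest an in-memory buffer (used here for constructed test input)."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return _finish(hashers)


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Digest a file on disk in chunks; a 409KB sample fits in one chunk."""
    hashers = _new_hashers()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return _finish(hashers)


def mismatches(actual: dict, expected: dict = REPORT_HASHES) -> dict:
    """Return {algorithm: (expected, actual)} for every digest that differs.

    An empty dict means the file matches the report on all listed algorithms.
    Hex digests are compared case-insensitively.
    """
    return {
        name: (exp.lower(), actual[name].lower())
        for name, exp in expected.items()
        if actual[name].lower() != exp.lower()
    }


if __name__ == "__main__":
    import sys

    # Usage: python verify_sample.py <path-to-sample>
    bad = mismatches(hash_file(sys.argv[1]))
    if bad:
        for name, (exp, got) in bad.items():
            print(f"{name}: report {exp} != file {got}")
        sys.exit(1)
    print("all digests match the report")
```

Running it on the empty byte string shows the failure path: every algorithm is reported as a mismatch, because none of the report's digests are digests of empty input.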
Static task: static1
Behavioral task: behavioral1
Sample: fa2dacfff38ba6648f3b14112a9c185c52bfed981b9ff7b2c317a78950764276.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: mango
C2: 193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23
Targets
Target: fa2dacfff38ba6648f3b14112a9c185c52bfed981b9ff7b2c317a78950764276 (409KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application (persistence via the CurrentVersion\Run registry key)
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
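The behavioral signatures above are derived from the API calls the sandbox records while the sample runs. The following is an added example (not tria.ge's own signature engine, whose rules are not disclosed on this page) showing how four of this report's findings can be expressed as predicates over a registry, file and network API trace: a Run-key write, enumeration under the Uninstall key, access to wallet files, and a connection to the C2 endpoint from the extracted config. The trace is constructed for the example; the wallet path list and the `pid|api|argument` line format are assumptions, not the sandbox's real output.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# C2 endpoint taken from the report's extracted RedLine config.
REDLINE_C2 = "193.233.20.28:4125"

# Wallet locations for the cryptocurrency rule. This is an assumed,
# illustrative list; the sandbox's own list is not published on the page.
WALLET_PATTERNS = [
    r"\\AppData\\Roaming\\Exodus\\",
    r"\\AppData\\Roaming\\Electrum\\wallets\\",
    r"\\AppData\\Roaming\\Ethereum\\keystore\\",
    r"\\wallet\.dat$",
]

# Constructed API trace in an assumed "pid|api|argument" format. Process 1234
# plays the sample; process 5678 is benign noise that must not trigger anything.
TRACE = r"""
1234|RegOpenKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
1234|RegEnumKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
1234|RegEnumKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
1234|CreateFileW|C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco
1234|CreateFileW|C:\Users\user\AppData\Roaming\Electrum\wallets\default_wallet
1234|RegSetValueExW|HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
1234|RegSetValueExW|HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater
1234|connect|193.233.20.28:4125
5678|RegOpenKeyExW|HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
"""


@dataclass
class Event:
    pid: int
    api: str
    arg: str


def parse_trace(text: str) -> list:
    """Parse the constructed trace; blank lines are ignored."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, arg = line.split("|", 2)
        events.append(Event(int(pid), api, arg))
    return events


# Value written directly under ...\CurrentVersion\Run or RunOnce.
_RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE)
# The Uninstall key itself or any subkey beneath it.
_UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)
_WALLET = re.compile("|".join(WALLET_PATTERNS), re.IGNORECASE)


def is_run_key_write(e: Event) -> bool:
    return e.api.startswith("RegSetValue") and bool(_RUN_KEY.search(e.arg))


def is_uninstall_enum(e: Event) -> bool:
    return e.api.startswith(("RegOpenKey", "RegEnumKey")) and bool(_UNINSTALL_KEY.search(e.arg))


def is_wallet_access(e: Event) -> bool:
    return e.api.startswith("CreateFile") and bool(_WALLET.search(e.arg))


def is_c2_connect(e: Event) -> bool:
    return e.api == "connect" and e.arg == REDLINE_C2


SIGNATURES = [
    ("Adds Run key to start application", is_run_key_write),
    ("Checks installed software on the system", is_uninstall_enum),
    ("Accesses cryptocurrency files/wallets", is_wallet_access),
    ("Connects to extracted RedLine C2", is_c2_connect),
]


def evaluate(events: list) -> dict:
    """Return {signature name: [matching events]} for every signature that fired."""
    hits = defaultdict(list)
    for e in events:
        for name, pred in SIGNATURES:
            if pred(e):
                hits[name].append(e)
    return dict(hits)


def summarize(events: list) -> dict:
    """Map each pid to the sorted names of the signatures it triggered."""
    per_pid = defaultdict(set)
    for e in events:
        for name, pred in SIGNATURES:
            if pred(e):
                per_pid[e.pid].add(name)
    return {pid: sorted(names) for pid, names in per_pid.items()}


if __name__ == "__main__":
    for name, evs in evaluate(parse_trace(TRACE)).items():
        print(f"{name}: {len(evs)} event(s)")
```

The Run-key predicate deliberately requires a value write directly under Run or RunOnce rather than any access to the key, since many benign programs read it; the Explorer value write in the trace is there to show that a RegSetValue elsewhere does not fire. The C2 predicate is the one that ties the static config extraction to the behavioral run: a match there confirms the extracted endpoint was actually contacted.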