General
Target: 30cf7f0094fa89e25b6a2a3fcf179253dc77feb58bd0f4879981454661104fe4
Size: 693KB
Sample: 230309-m6rknaah9y
MD5: 6e1f5bfcddf64802e3746a8c9726f0a8
SHA1: ce9be2ff55f9f42fd32f841d87ebc14e18206757
SHA256: 30cf7f0094fa89e25b6a2a3fcf179253dc77feb58bd0f4879981454661104fe4
SHA512: f06ea5dba48586aea2c6a5f6673410b13cdc0a6b3912dfa04014c8f4f8cb9276013d33fab78b427e919ee6b70b67b28ed55dbc8d02997a6383fd71e69137d167
SSDEEP: 12288:iMrDy90rB2gyc1CMwxyoIK2+ut8g0wi+cu1nUxOMEOtc8cwxnsBEpb:VyA+c1CMwY1b+ut8go+rnUxWsxnsepb
Static task: static1
Behavioral task: behavioral1
Sample: 30cf7f0094fa89e25b6a2a3fcf179253dc77feb58bd0f4879981454661104fe4.exe
Resource: win10-20230220-en
Malware Config
Extracted: redline
Botnet: mango
C2: 193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23
Extracted: redline
Botnet: diza
C2: 193.56.146.11:4173
auth_value: 0d09b419c8bc967f91c68be4a17e92ee
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures:
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.