General

Target: d8427d753b839fc16cef130eedefe06b.exe
Size: 716KB
Sample: 230310-je9elsdh5w
MD5: d8427d753b839fc16cef130eedefe06b
SHA1: 2316de94ac85a9f068a1620cb419e9aae351cef0
SHA256: 8bf33dea1c91ed1e58fbd244349f9ce410c88cb6a02e7fe57b373e6acb6e75b4
SHA512: cc4d8d6ced4bc8ed65310fd00e992c95b5a498e66114b0befd0d6d719d5ac759174f29c1a537b757b2af457f3bc7442c0eda7098bf1300dca98abd4151be9920
SSDEEP: 12288:skQH4MLTHJ9dj9pi/3TtReM4AreTcrrVGU5k7yDpLD5kNS2U/:G4MnHJ9JK3TtReMa8r0U5iyfkNW
Static task: static1

Behavioral task: behavioral1
Sample: d8427d753b839fc16cef130eedefe06b.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: d8427d753b839fc16cef130eedefe06b.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted
Family: redline
Botnet: dezik
C2: 193.56.146.220:4174
Attributes: auth_value = d39f21dca8edc10800b036ab83f4d75e

Extracted
Family: amadey
Version: 3.68
C2: 31.41.244.200/games/category/index.php
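The two C2 indicators above come in different shapes: RedLine's is a bare ip:port, Amadey's is a host plus URL path with no scheme. A plain string search for either therefore misses flow records (no URL) or proxy logs (no port in the RedLine form). The script below is an added example, not Triage's code: it parses both shapes out of the extracted config and hunts for them over flow and proxy records, reporting a host-only hit separately from an exact one. The log lines and their key=value layout are constructed for the example.

```python
"""Turn the extracted RedLine / Amadey C2 config into matchers and run them
over sample flow and proxy log lines. Added example; log lines are constructed."""
import re
from urllib.parse import urlsplit

# C2 indicators exactly as listed in the report's Malware Config section.
CONFIG = {
    "redline": {"botnet": "dezik", "c2": ["193.56.146.220:4174"]},
    "amadey": {"version": "3.68", "c2": ["31.41.244.200/games/category/index.php"]},
}

LOG_KV = re.compile(r"(\w+)=(\S+)")  # constructed key=value log format


def parse_c2(indicator):
    """Return (host, port, path) for 'ip:port' or 'host/path' style C2 strings."""
    if "://" not in indicator:
        indicator = "http://" + indicator  # Amadey config omits the scheme
    u = urlsplit(indicator)
    return u.hostname, u.port, u.path or "/"


def normalise(line):
    """Reduce a log line to (dst_host, dst_port, path), or None if it carries
    neither a url= (proxy) nor a dst= (flow) field."""
    kv = dict(LOG_KV.findall(line))
    if "url" in kv:
        u = urlsplit(kv["url"])
        port = u.port or (443 if u.scheme == "https" else 80)
        return u.hostname, port, u.path or "/"
    if "dst" in kv:
        return kv["dst"], int(kv.get("dport", 0)) or None, None
    return None


def match_strength(indicator, event):
    """'exact' when every attribute the indicator specifies is confirmed,
    'host' when the record cannot confirm the URL path, None otherwise."""
    host, port, path = parse_c2(indicator)
    e_host, e_port, e_path = event
    if e_host != host:
        return None
    if port is not None and e_port != port:
        return None
    if path != "/" and e_path is not None and e_path != path:
        return None
    if path != "/" and e_path is None:
        return "host"  # flow record: right IP, path unknowable
    return "exact"


def hunt(lines, config=CONFIG):
    """Return (family, indicator, strength, line) for every log line that
    touches a configured C2."""
    hits = []
    for line in lines:
        event = normalise(line)
        if event is None:
            continue
        for family, cfg in config.items():
            for indicator in cfg["c2"]:
                strength = match_strength(indicator, event)
                if strength:
                    hits.append((family, indicator, strength, line))
    return hits


SAMPLE_LOGS = [  # constructed for this example
    "2023-03-10T09:15:01Z src=10.0.0.5 dst=193.56.146.220 dport=4174 proto=tcp",
    "2023-03-10T09:15:07Z src=10.0.0.5 method=POST url=http://31.41.244.200/games/category/index.php",
    "2023-03-10T09:15:09Z src=10.0.0.5 method=GET url=https://www.microsoft.com/",
    "2023-03-10T09:16:00Z src=10.0.0.7 dst=31.41.244.200 dport=80 proto=tcp",
]

if __name__ == "__main__":
    for family, indicator, strength, line in hunt(SAMPLE_LOGS):
        print(f"{family:8} {strength:6} {indicator} <- {line}")
```

A host-only hit on the Amadey IP is still worth a pivot: the same server can host other panels or paths, and flow data alone cannot tell the difference.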
Targets

Target: d8427d753b839fc16cef130eedefe06b.exe
Size: 716KB
MD5: d8427d753b839fc16cef130eedefe06b
SHA1: 2316de94ac85a9f068a1620cb419e9aae351cef0
SHA256: 8bf33dea1c91ed1e58fbd244349f9ce410c88cb6a02e7fe57b373e6acb6e75b4
SHA512: cc4d8d6ced4bc8ed65310fd00e992c95b5a498e66114b0befd0d6d719d5ac759174f29c1a537b757b2af457f3bc7442c0eda7098bf1300dca98abd4151be9920
SSDEEP: 12288:skQH4MLTHJ9dj9pi/3TtReM4AreTcrrVGU5k7yDpLD5kNS2U/:G4MnHJ9JK3TtReMa8r0U5iyfkNW
Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
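Behavioural signatures like the ones above are derived from the API-call trace the sandbox records, and the stateful ones (dropped EXE, dropped DLL) need the file-write history, not just a per-call match. The script below is an added example, not Triage's own signature engine: it re-derives the listed signatures from a constructed trace of (pid, API, first argument) tuples. The registry paths it keys on (Control Panel\International\Geo\Nation for the country code, CurrentVersion\Run, CurrentVersion\Uninstall) and the wallet paths (Exodus, Electrum, Ethereum keystore) are the usual targets for these behaviours and are assumptions here, not values taken from this report.

```python
"""Re-derive the report's behavioural signatures from an API-call trace.
Added example; the trace format (pid, API, decoded first argument) and the
registry / wallet paths are assumptions, not Triage's own signature logic."""
import re

# Stateless rules: (signature name, API regex, argument regex).
SIMPLE_RULES = {
    "Checks computer location settings":
        (r"^Reg(OpenKeyEx|QueryValueEx)W$",
         r"\\Control Panel\\International\\Geo(\\Nation)?$"),
    "Adds Run key to start application":
        (r"^RegSetValueExW$", r"\\CurrentVersion\\Run\\"),
    "Checks installed software on the system":
        (r"^Reg(OpenKeyEx|EnumKeyEx)W$", r"\\CurrentVersion\\Uninstall"),
    "Accesses cryptocurrency files/wallets":
        (r"^(CreateFile|FindFirstFile)W$",
         r"\\(Exodus\\exodus\.wallet|Electrum\\wallets|Ethereum\\keystore)"),
}

# Stateful rules: a file must first be written by the sample, then executed
# or loaded. Matching on the path alone would also fire on pre-existing files.
DROP_WRITERS = re.compile(r"^(WriteFile|NtWriteFile)$")
EXEC_APIS = re.compile(r"^(CreateProcess|ShellExecute)")
LOAD_APIS = re.compile(r"^LoadLibrary")


def evaluate(trace):
    """Return {signature name: [(pid, api, arg), ...]} for every rule that fired."""
    hits = {}
    dropped = set()  # lower-cased paths written during the run
    for pid, api, arg in trace:
        for name, (api_re, arg_re) in SIMPLE_RULES.items():
            if re.search(api_re, api) and re.search(arg_re, arg, re.IGNORECASE):
                hits.setdefault(name, []).append((pid, api, arg))
        arg_l = arg.lower()
        if DROP_WRITERS.search(api):
            dropped.add(arg_l)
        elif EXEC_APIS.search(api) and arg_l in dropped:
            hits.setdefault("Executes dropped EXE", []).append((pid, api, arg))
        elif LOAD_APIS.search(api) and arg_l in dropped:
            hits.setdefault("Loads dropped DLL", []).append((pid, api, arg))
    return hits


SAMPLE_TRACE = [  # constructed; pid, API, decoded first argument
    (1832, "RegOpenKeyExW", r"HKEY_CURRENT_USER\Control Panel\International\Geo"),
    (1832, "RegQueryValueExW", r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"),
    (1832, "WriteFile", r"C:\Users\admin\AppData\Local\Temp\svc.exe"),
    (1832, "WriteFile", r"C:\Users\admin\AppData\Local\Temp\helper.dll"),
    (1832, "CreateProcessW", r"C:\Users\admin\AppData\Local\Temp\svc.exe"),
    (2044, "LoadLibraryW", r"C:\Users\admin\AppData\Local\Temp\helper.dll"),
    (2044, "RegSetValueExW", r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\svc"),
    (2044, "RegEnumKeyExW", r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    (2044, "CreateFileW", r"C:\Users\admin\AppData\Roaming\Exodus\exodus.wallet"),
    (2044, "CreateFileW", r"C:\Users\admin\Documents\notes.txt"),
]

if __name__ == "__main__":
    for name, events in evaluate(SAMPLE_TRACE).items():
        print(f"{name}: {len(events)} event(s)")
        for pid, api, arg in events:
            print(f"    pid={pid} {api} {arg}")
```

The geofence check is the one worth reading in context: a sample that queries the Nation value and then exits before any of the later behaviour appears is telling you the sandbox's configured country was on its exclusion list, not that the file is benign.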