Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
c20c9015ec3391e1b9ec4116f4f3dcef5ce4e707839d04768a132c9d38ba56b1.zip
-
Size
495KB
-
Sample
230310-naplvseg81
-
MD5
7bea2d764e505dc43303ee0f844bab8e
-
SHA1
728caa78cc4e9e63718253ffb96c3ae68dba265c
-
SHA256
0282095e145e94821871ad4e4800581e443bf2b8485a2d22116d397f65db0a03
-
SHA512
4569cd93adb5cd21876e9263c3c45329de51bd6f443964169d29f4ac2f15ca2f912d0d5c55e3a29dd7947398a6c77a0f646efc89537b8c079b02675fe8f0824d
-
SSDEEP
12288:MJL3CpvVliLerDEUvXnJTw1giAxBBNMT3yT3P:qyLYLer/Nw1gi4giD
Static task
static1
Behavioral task
behavioral1
Sample
c20c9015ec3391e1b9ec4116f4f3dcef5ce4e707839d04768a132c9d38ba56b1.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
c20c9015ec3391e1b9ec4116f4f3dcef5ce4e707839d04768a132c9d38ba56b1.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
mango
193.233.20.28:4125
-
auth_value
ecf79d7f5227d998a3501c972d915d23
Extracted
redline
dezik
193.56.146.220:4174
-
auth_value
d39f21dca8edc10800b036ab83f4d75e
Targets
-
-
Target
c20c9015ec3391e1b9ec4116f4f3dcef5ce4e707839d04768a132c9d38ba56b1.exe
-
Size
546KB
-
MD5
97cf24fe6897d29e30d2dc3611925b6a
-
SHA1
da1af28634f8a475ca502d9954b6fe210591b14e
-
SHA256
c20c9015ec3391e1b9ec4116f4f3dcef5ce4e707839d04768a132c9d38ba56b1
-
SHA512
c4cef03a07c2c3bcb91404c673441167e9b06d70ca49e89723de87a75bfa50d3b2927c1026bb53a9d25058b33024d57fc9757101f15231fbed8d37e933482e61
-
SSDEEP
12288:OMray90WopsyHcX85sYe+JidaWINaqAE2BXncZr:gyRODcMah6WINaqAjNncF
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-