General

Target: 0b40664a5c8ae772513a95df5bab618fba6b5f46e358a5125a7a3d6f100c6c33
Size: 811KB
Sample: 230310-te3beagb8w
MD5: 7d828de85b3454cbc9e7b29cf3a2740b
SHA1: cdfd30be8b7f97926acf004a9df645650c4c9d82
SHA256: 0b40664a5c8ae772513a95df5bab618fba6b5f46e358a5125a7a3d6f100c6c33
SHA512: ef6ed6ad80060a7371625641c6392556c2a0be1a445b5ea313dd70e7fc8d609dd063d6000c1f1ed3e8770b02df8238eb6e4e800b84583992f61bc320555b421f
SSDEEP: 12288:7Mrzy90SFskTOaJhwhphUGzmsMyJLD44S9llOVdEBmWUpV6NfcY4VJ33JY:Myai7woIo4ScVdamWUmNkVTY
Static task: static1
Behavioral task: behavioral1
  Sample: 0b40664a5c8ae772513a95df5bab618fba6b5f46e358a5125a7a3d6f100c6c33.exe
  Resource: win10v2004-20230220-en
Malware Config

Extracted: redline
  Botnet: mango
  C2: 193.233.20.28:4125
  auth_value: ecf79d7f5227d998a3501c972d915d23

Extracted: redline
  Botnet: dezik
  C2: 193.56.146.220:4174
  auth_value: d39f21dca8edc10800b036ab83f4d75e
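The two extracted configs give one C2 endpoint per build, plus a botnet ID and an auth_value. The block below is an added example for this page (not tria.ge output and not RedLine code) showing how a SOC would consume them: it matches connection-log lines against the two IP:port pairs, downgrades IP-only matches to low confidence because the host may be shared or the listener moved, and emits Suricata rules for the exact endpoints. Only the IPs, ports, botnet IDs and auth_values come from the report; the key=value log format, the log lines (benign traffic uses RFC 5737 documentation addresses) and the sid range are constructed for the example.

```python
"""
Turn the two RedLine C2 endpoints from this report into detection content:
match them against connection logs and emit Suricata rules.
Added example for this page, not tooling from tria.ge or the RedLine authors.
Only the IP:port pairs, botnet IDs and auth_values come from the report.
"""
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class RedLineConfig:
    botnet: str       # botnet ID as extracted ("mango", "dezik")
    c2_host: str
    c2_port: int
    auth_value: str   # token extracted alongside the C2; useful for clustering samples


# The two configs listed under "Malware Config" above.
CONFIGS = (
    RedLineConfig("mango", "193.233.20.28", 4125, "ecf79d7f5227d998a3501c972d915d23"),
    RedLineConfig("dezik", "193.56.146.220", 4174, "d39f21dca8edc10800b036ab83f4d75e"),
)

# Constructed key=value connection log, one flow per line (not real traffic;
# non-C2 destinations are RFC 5737 documentation addresses).
SAMPLE_LOG = """\
ts=2023-03-10T12:00:01Z src=10.0.0.15 dst=193.233.20.28 dport=4125 proto=tcp bytes=1842
ts=2023-03-10T12:00:02Z src=10.0.0.15 dst=203.0.113.7 dport=443 proto=tcp bytes=9310
ts=2023-03-10T12:03:14Z src=10.0.0.22 dst=193.56.146.220 dport=4174 proto=tcp bytes=2210
ts=2023-03-10T12:04:00Z src=10.0.0.22 dst=193.56.146.220 dport=80 proto=tcp bytes=512
ts=2023-03-10T12:05:00Z src=10.0.0.31 dst=198.51.100.53 dport=53 proto=udp bytes=74
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Parse one key=value log line into a dict (empty dict for blank or garbage lines)."""
    return dict(KV_RE.findall(line))


def match_c2(dst, dport):
    """Return (config, confidence) if dst is a known C2 host, else None.

    'high': IP and port both match the extracted config.
    'low':  IP matches on another port; the host may be shared hosting or the
            operator may have moved the listener, so review before blocking.
    """
    for cfg in CONFIGS:
        if dst == cfg.c2_host:
            return cfg, ("high" if dport == cfg.c2_port else "low")
    return None


def find_c2_hits(log_text):
    """Scan a key=value connection log and return one finding per matching flow."""
    hits = []
    for line in log_text.splitlines():
        fields = parse_line(line)
        try:
            dst = str(ipaddress.ip_address(fields["dst"]))  # normalises, rejects junk
            dport = int(fields["dport"])
        except (KeyError, ValueError):
            continue  # unparsable line: skip it rather than abort the whole scan
        matched = match_c2(dst, dport)
        if matched is None:
            continue
        cfg, confidence = matched
        hits.append({
            "ts": fields.get("ts"),
            "src": fields.get("src"),
            "dst": dst,
            "dport": dport,
            "botnet": cfg.botnet,
            "auth_value": cfg.auth_value,
            "confidence": confidence,
        })
    return hits


def suricata_rules(sid_base=9000001):
    """Emit one Suricata rule per extracted C2 endpoint.
    The sid range is a placeholder (assumption): pick one free in your local rules."""
    rules = []
    for i, cfg in enumerate(CONFIGS):
        rules.append(
            f'alert tcp $HOME_NET any -> {cfg.c2_host} {cfg.c2_port} '
            f'(msg:"RedLine Stealer C2 ({cfg.botnet})"; flow:to_server; '
            f'sid:{sid_base + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_LOG):
        print(hit)
    print("\n".join(suricata_rules()))
```

On the constructed log the scan yields three findings: two high-confidence hits on the exact C2 ports and one low-confidence hit for traffic to 193.56.146.220 on port 80, which is the case to review by hand before blocking the whole host.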
Targets

Target: 0b40664a5c8ae772513a95df5bab618fba6b5f46e358a5125a7a3d6f100c6c33 (811KB; same file and hashes as listed under General)
Signatures

- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
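Two of the behaviours above translate directly into endpoint telemetry: "Adds Run key to start application" shows up as a Sysmon Event ID 13 (RegistryEvent, value set) under ...\CurrentVersion\Run, and "Executes dropped EXE" means the process writing that key, and the executable it persists, tend to live in user-writable directories. The block below is an added example for this page (not Triage tooling) that scores Run-key events on those two properties. The three event records are constructed, since the report does not show the key name or payload path this sample used. One caveat: "Checks installed software on the system" is a read of the Uninstall key, and Sysmon registry events cover key creation/deletion, value sets and renames but not reads, so that behaviour is a sandbox indicator rather than something this kind of rule can catch.

```python
"""
Run-key persistence triage over Sysmon Event ID 13 (RegistryEvent: value set)
records, correlating the "Adds Run key" and "Executes dropped EXE" behaviours
from the report. Added example for this page, not Triage tooling; the three
events below are constructed.
"""
import re

# Value set directly under HKCU/HKLM ...\CurrentVersion\Run or RunOnce.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$",
    re.IGNORECASE,
)
# Locations a dropped payload is typically written to and launched from.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData\\(Local|Roaming)|Temp|Users\\Public|ProgramData)\\",
    re.IGNORECASE,
)
# Executable at the start of the value data: C:\...\x.exe, "C:\...\x.exe" args, %var%\...\x.exe
EXE_RE = re.compile(r'^\s*"?((?:[A-Za-z]:|%\w+%)\\[^"]+?\.exe)"?', re.IGNORECASE)

# Constructed Sysmon Event ID 13 records (field names as Sysmon emits them).
SAMPLE_EVENTS = [
    {   # dropped binary in Temp persisting a second dropped binary in Roaming
        "EventID": 13, "UtcTime": "2023-03-10 12:00:05.120",
        "Image": r"C:\Users\victim\AppData\Local\Temp\sample.exe",
        "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
        "Details": r'"C:\Users\victim\AppData\Roaming\Updater\updater.exe"',
    },
    {   # installer registering a system binary: a Run key, but a benign shape
        "EventID": 13, "UtcTime": "2023-03-10 12:01:00.000",
        "Image": r"C:\Windows\System32\msiexec.exe",
        "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
        "Details": r"%windir%\system32\SecurityHealthSystray.exe",
    },
    {   # same dropped binary touching an unrelated key: not a Run key, ignored
        "EventID": 13, "UtcTime": "2023-03-10 12:01:30.500",
        "Image": r"C:\Users\victim\AppData\Local\Temp\sample.exe",
        "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop",
        "Details": r"C:\Users\victim\Desktop",
    },
]


def payload_from_details(details):
    """Extract the executable path from Run value data, or None if none is present."""
    m = EXE_RE.match(details or "")
    return m.group(1) if m else None


def assess_run_key_events(events):
    """Return one finding per Run/RunOnce value set, scored by how 'dropped' it looks.

    +1  any Run/RunOnce value set (baseline: worth logging, not alerting on)
    +2  the persisted executable lives in a user-writable directory
    +2  the process writing the key itself runs from a user-writable directory
    Score >= 3 is reported as high severity.
    """
    findings = []
    for ev in events:
        if ev.get("EventID") != 13 or not RUN_KEY_RE.search(ev.get("TargetObject", "")):
            continue
        payload = payload_from_details(ev.get("Details"))
        score = 1
        reasons = ["run key value set"]
        if payload and USER_WRITABLE_RE.search(payload):
            score += 2
            reasons.append("persisted executable in user-writable path")
        if USER_WRITABLE_RE.search(ev.get("Image", "")):
            score += 2
            reasons.append("writing process runs from user-writable path")
        findings.append({
            "time": ev.get("UtcTime"),
            "image": ev.get("Image"),
            "key": ev["TargetObject"],
            "payload": payload,
            "severity": "high" if score >= 3 else "low",
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for f in assess_run_key_events(SAMPLE_EVENTS):
        print(f["severity"].upper(), f["key"], "->", f["payload"], "|", "; ".join(f["reasons"]))
```

On the constructed events the first record scores high on all three criteria, the msiexec record is recorded at low severity as a Run key pointing at a system binary, and the Shell Folders write is ignored because it is not under Run or RunOnce. Legitimate installers do write Run keys, so the baseline score is deliberately informational; the user-writable-path criteria are what separate a dropped payload from a normal installation.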