Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
a5df028afc7bbf4b6ebcdc5f56a2928b176f23ca5fc8ed41b63a7f621fd64be3
-
Size
459KB
-
Sample
230311-tz9afsae22
-
MD5
79162109239bc54af5eddcd53911ff0d
-
SHA1
12b1b72a9e8bf8efa091b88c0ec275e51c76d1cb
-
SHA256
a5df028afc7bbf4b6ebcdc5f56a2928b176f23ca5fc8ed41b63a7f621fd64be3
-
SHA512
65d45a2c460b3be00a178bf8ee29c53a5f023407ed9a9b16d3405411c16e6ef7f65cf8c07312f740c1224b17c1a3c2a7807dc6866008cf5e39596c809ebea20f
-
SSDEEP
12288:m9oD+S8zhn8Z+RGOR9UJWzflQ9PWPIsDq:m9Fd2+Ma9UkJQtWPrDq
Static task
static1
Behavioral task
behavioral1
Sample
a5df028afc7bbf4b6ebcdc5f56a2928b176f23ca5fc8ed41b63a7f621fd64be3.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
well
193.233.20.28:4125
-
auth_value
265e7373dd436339d88347c08a10b402
Extracted
amadey
3.68
31.41.244.200/games/category/index.php
Targets
-
-
Target
a5df028afc7bbf4b6ebcdc5f56a2928b176f23ca5fc8ed41b63a7f621fd64be3
-
Size
459KB
-
MD5
79162109239bc54af5eddcd53911ff0d
-
SHA1
12b1b72a9e8bf8efa091b88c0ec275e51c76d1cb
-
SHA256
a5df028afc7bbf4b6ebcdc5f56a2928b176f23ca5fc8ed41b63a7f621fd64be3
-
SHA512
65d45a2c460b3be00a178bf8ee29c53a5f023407ed9a9b16d3405411c16e6ef7f65cf8c07312f740c1224b17c1a3c2a7807dc6866008cf5e39596c809ebea20f
-
SSDEEP
12288:m9oD+S8zhn8Z+RGOR9UJWzflQ9PWPIsDq:m9Fd2+Ma9UkJQtWPrDq
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-