General
- Target: 6bb69574b66315431a7ac43a225848df198b3f436e5c259d43cd8071b4f71a6a
- Size: 787KB
- Sample: 230314-2g8j7sca7y
- MD5: 7faa376a765fa4c67f9e41610d8b9f83
- SHA1: 73b34a47582792251b9558b8e12f255f575b2abe
- SHA256: 6bb69574b66315431a7ac43a225848df198b3f436e5c259d43cd8071b4f71a6a
- SHA512: d09678887da10d9ab541c68427f42e568a18a11ef16ea90438c2c0a8a30e70697b11694437a38e9492da87e12fd6ea5e59ff8b79da5f5cd010117ff3bbd8fa3d
- SSDEEP: 12288:pMrfy90det6HLKupqAbIC82CHuDt29yakAh4JJUreGaYE/okR151M9dXYk12qL8W:yy8eWPq/MCHg0UalhwtGaYToL1yRYZM
Static task: static1
Behavioral task: behavioral1
- Sample: 6bb69574b66315431a7ac43a225848df198b3f436e5c259d43cd8071b4f71a6a.exe
- Resource: win10-20230220-en
Malware Config
Extracted (redline)
- Botnet: mango
- C2: 193.233.20.28:4125
- auth_value: ecf79d7f5227d998a3501c972d915d23
Extracted (redline)
- Botnet: rita
- C2: 193.233.20.28:4125
- auth_value: 5cf1bcf41b0a2f3710619223451dfd3a
Targets
- Target: 6bb69574b66315431a7ac43a225848df198b3f436e5c259d43cd8071b4f71a6a (787KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.