Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
3358b3ee0b994726e0708b3299c4dfa110d03ebf30c863dd5375646d3c54840a
-
Size
787KB
-
Sample
230314-zpd98ahg92
-
MD5
42c4cb41b837bcf9079663ff73839192
-
SHA1
70fa42bd81ac2f6bb1bfe719e706426fb335f47a
-
SHA256
3358b3ee0b994726e0708b3299c4dfa110d03ebf30c863dd5375646d3c54840a
-
SHA512
cf2e69f43e6161e70ab6a9d4734a4b1d0a3c8188297f7b03f3997d604d4b06d496617b449840d6e743fc4966a683558cc4656f3e772f51110ca49032cdde99da
-
SSDEEP
24576:xyHdJJPbSCmD8btsjF1uJVo+1Y7ufTvOUU:kHdJJPbmSt+uL51YM
Static task
static1
Behavioral task
behavioral1
Sample
3358b3ee0b994726e0708b3299c4dfa110d03ebf30c863dd5375646d3c54840a.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
mango
193.233.20.28:4125
-
auth_value
ecf79d7f5227d998a3501c972d915d23
Extracted
redline
rita
193.233.20.28:4125
-
auth_value
5cf1bcf41b0a2f3710619223451dfd3a
Targets
-
-
Target
3358b3ee0b994726e0708b3299c4dfa110d03ebf30c863dd5375646d3c54840a
-
Size
787KB
-
MD5
42c4cb41b837bcf9079663ff73839192
-
SHA1
70fa42bd81ac2f6bb1bfe719e706426fb335f47a
-
SHA256
3358b3ee0b994726e0708b3299c4dfa110d03ebf30c863dd5375646d3c54840a
-
SHA512
cf2e69f43e6161e70ab6a9d4734a4b1d0a3c8188297f7b03f3997d604d4b06d496617b449840d6e743fc4966a683558cc4656f3e772f51110ca49032cdde99da
-
SSDEEP
24576:xyHdJJPbSCmD8btsjF1uJVo+1Y7ufTvOUU:kHdJJPbmSt+uL51YM
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-