Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
b62168c1dfbd144cee4929211387ea98db72a09d4a9c969aed0f10c78c0e684d
-
Size
790KB
-
Sample
230315-frmvlabf49
-
MD5
0c3f8bb5e3c09a5e3b33a7ff6179508a
-
SHA1
6b8895c84877532dc3da77a5377442dfe1c37754
-
SHA256
b62168c1dfbd144cee4929211387ea98db72a09d4a9c969aed0f10c78c0e684d
-
SHA512
41461201f4fd30c63a3a0d88f2919b3313c1e7f5a93a67119d7a9b88fb98402d5a0d4e2877d32af44745ea6e771bbaed145f6f88c1e5720cb7a7273e6de927e8
-
SSDEEP
24576:IyZW3weS8yrpXuPloQ2Tnfc3dLuESJnH:PM3FS8y8PlT2TnkNuE8
Static task
static1
Behavioral task
behavioral1
Sample
b62168c1dfbd144cee4929211387ea98db72a09d4a9c969aed0f10c78c0e684d.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
mango
193.233.20.28:4125
-
auth_value
ecf79d7f5227d998a3501c972d915d23
Extracted
redline
rita
193.233.20.28:4125
-
auth_value
5cf1bcf41b0a2f3710619223451dfd3a
Targets
-
-
Target
b62168c1dfbd144cee4929211387ea98db72a09d4a9c969aed0f10c78c0e684d
-
Size
790KB
-
MD5
0c3f8bb5e3c09a5e3b33a7ff6179508a
-
SHA1
6b8895c84877532dc3da77a5377442dfe1c37754
-
SHA256
b62168c1dfbd144cee4929211387ea98db72a09d4a9c969aed0f10c78c0e684d
-
SHA512
41461201f4fd30c63a3a0d88f2919b3313c1e7f5a93a67119d7a9b88fb98402d5a0d4e2877d32af44745ea6e771bbaed145f6f88c1e5720cb7a7273e6de927e8
-
SSDEEP
24576:IyZW3weS8yrpXuPloQ2Tnfc3dLuESJnH:PM3FS8y8PlT2TnkNuE8
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-