General
- Target: a32d74feaebde8f218d02d99347983aa9b9be0ec85a4f.exe
- Size: 896KB
- Sample: 230315-n9qyzafb3w
- MD5: e01eed093c11df9172d1a70484e8f973
- SHA1: 6a9b4f44a5d2cdab4770811543963e66f09d97ec
- SHA256: a32d74feaebde8f218d02d99347983aa9b9be0ec85a4f409c5f210fbd3f861bb
- SHA512: 6a6a327210f5d35a307c1b9b66bf6e5b65b7cb2303e9126a5457a1be1ac708281cca0a4aea6d4b55e503e930a24213218271e261f80f5df4162be351317c8022
- SSDEEP: 12288:C4a2aC3D3Lfzn7PjXNWjCT3eOPRRlWXYtvp0OjGP91pCmOBgu50x3ecZ:HsjCT6u0tP/OBgu50x3ecZ
Static task: static1
Behavioral task: behavioral1
- Sample: a32d74feaebde8f218d02d99347983aa9b9be0ec85a4f.exe
- Resource: win7-20230220-en
Malware Config
Extracted
- redline
- MatyWon2
- 85.31.54.216:43728
- auth_value: abc9e9d7ec3024110589ea03bcfaaa89
Targets
- Target: a32d74feaebde8f218d02d99347983aa9b9be0ec85a4f.exe
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext