General
- Target: cf4f0b8ce122fd8181f90cfd99fe1d29971105d88a154849993c038abdab3230
- Size: 864KB
- Sample: 230315-trqhdagd4z
- MD5: 29381b7ef0d8518e3a53c0f78ef14cbe
- SHA1: 3e3dbcd31af5c332e570e7fb4533910ff05ffed7
- SHA256: cf4f0b8ce122fd8181f90cfd99fe1d29971105d88a154849993c038abdab3230
- SHA512: 7b649ef8ca7ce7255b2a90372e3bb89ce144c9e2ed2d6b0281d41fe49833165abd625d3ac49739dbc6b1e59929ad255dfec30fa59e738278334d31245669d8a8
- SSDEEP: 12288:XMrsy90d8g1x8nHBAfh1OzZfV4ZwLqp74DiNZBqileuoz4Wo5iTGLNNfz:Dykp1x0HqLaneTN4DviZoz4vkI3
Static task
- static1
Behavioral task
- behavioral1
  - Sample: cf4f0b8ce122fd8181f90cfd99fe1d29971105d88a154849993c038abdab3230.exe
  - Resource: win10v2004-20230220-en
Malware Config
Extracted
- Family: redline
- Botnet: mango
- C2: 193.233.20.28:4125
- auth_value: ecf79d7f5227d998a3501c972d915d23
Extracted
- Family: redline
- Botnet: sito
- C2: 193.233.20.28:4125
- auth_value: 030f94d8e396dbe51ce339b815cdad17
Targets
- Target: cf4f0b8ce122fd8181f90cfd99fe1d29971105d88a154849993c038abdab3230
  - Size: 864KB
  - MD5: 29381b7ef0d8518e3a53c0f78ef14cbe
  - SHA1: 3e3dbcd31af5c332e570e7fb4533910ff05ffed7
  - SHA256: cf4f0b8ce122fd8181f90cfd99fe1d29971105d88a154849993c038abdab3230
  - SHA512: 7b649ef8ca7ce7255b2a90372e3bb89ce144c9e2ed2d6b0281d41fe49833165abd625d3ac49739dbc6b1e59929ad255dfec30fa59e738278334d31245669d8a8
  - SSDEEP: 12288:XMrsy90d8g1x8nHBAfh1OzZfV4ZwLqp74DiNZBqileuoz4Wo5iTGLNNfz:Dykp1x0HqLaneTN4DviZoz4vkI3
  - RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  - RedLine payload
  - Executes dropped EXE
  - Accesses cryptocurrency files/wallets, possible credential harvesting
  - Adds Run key to start application
  - Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.