General
Target: 6226c1211403cf11636ae7c37524879c0695f3cf9dbc523c13413f4763cb6f20
Size: 864KB
Sample: 230315-y3khqahd2s
MD5: 6a7079138184b175d99864c9a200c8be
SHA1: 45db38541f22f3af9c34d7361a431881f27906e2
SHA256: 6226c1211403cf11636ae7c37524879c0695f3cf9dbc523c13413f4763cb6f20
SHA512: 78cab2f5b172144dbf13fc4e576476e41240734f8cddd3a071442993807d1b0cf17c10690133cf6e804746b609c1dbc178df503f6e05543b9ebddfc3d01479e2
SSDEEP: 24576:NyLpDdERiLtVEhmy8VkhIJPYGKS2J682JQ:oLX2iLIhGHKSw6dJ
Static task: static1
Behavioral task: behavioral1
Sample: 6226c1211403cf11636ae7c37524879c0695f3cf9dbc523c13413f4763cb6f20.exe
Resource: win10-20230220-en
Malware Config
Extracted: redline (mango)
193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23
Extracted: redline (sito)
193.233.20.28:4125
auth_value: 030f94d8e396dbe51ce339b815cdad17
Targets
Target: 6226c1211403cf11636ae7c37524879c0695f3cf9dbc523c13413f4763cb6f20
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.