Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
1ad3c00ad28c11ba8a73a4122be82ba66e01cc52fdce01451039aed2aa50e8ea
-
Size
536KB
-
Sample
230322-pggehaaf4t
-
MD5
9ae4183257c6f0e638e07f673f330ac7
-
SHA1
07b85f4a67dc09f617ec42e5f7cf980f8b263255
-
SHA256
1ad3c00ad28c11ba8a73a4122be82ba66e01cc52fdce01451039aed2aa50e8ea
-
SHA512
4b4f81b8726aaeebea1ad20b1766625cec67e4e3bbda02cd118da5867a1ff44f0082347b21bc884e64d90b681956b695afe473d56549d28b3f64c53e2b3a30a1
-
SSDEEP
12288:EMrEy903FfydbT+NGpQYS43CCMr/lafeaYwTRwl:Qy2FfO/zyYS43xMr9a9TRwl
Static task
static1
Behavioral task
behavioral1
Sample
1ad3c00ad28c11ba8a73a4122be82ba66e01cc52fdce01451039aed2aa50e8ea.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
down
193.233.20.31:4125
-
auth_value
12c31a90c72f5efae8c053a0bd339381
Extracted
redline
polo
193.233.20.31:4125
-
auth_value
f1a1b1041a864e0f1f788d42ececa8b3
Targets
-
-
Target
1ad3c00ad28c11ba8a73a4122be82ba66e01cc52fdce01451039aed2aa50e8ea
-
Size
536KB
-
MD5
9ae4183257c6f0e638e07f673f330ac7
-
SHA1
07b85f4a67dc09f617ec42e5f7cf980f8b263255
-
SHA256
1ad3c00ad28c11ba8a73a4122be82ba66e01cc52fdce01451039aed2aa50e8ea
-
SHA512
4b4f81b8726aaeebea1ad20b1766625cec67e4e3bbda02cd118da5867a1ff44f0082347b21bc884e64d90b681956b695afe473d56549d28b3f64c53e2b3a30a1
-
SSDEEP
12288:EMrEy903FfydbT+NGpQYS43CCMr/lafeaYwTRwl:Qy2FfO/zyYS43xMr9a9TRwl
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-