Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
1e0a9a6a6dbc719a4326c333ee95bbe6.exe
-
Size
1014KB
-
Sample
230322-x8dfxsah62
-
MD5
1e0a9a6a6dbc719a4326c333ee95bbe6
-
SHA1
8c440628251c732a94c8bf0fe700578eb0a00477
-
SHA256
f4aef4e4264c997d4475ab1f26bc08d64cf1a7f4a49d44a651b4a5f6474179d3
-
SHA512
5279ed48b9b56ed6f3e33038822e2aead507beae7c28f8a36b03974d17c7a932d893905f5ea83ae54e8a6e7f9b887574860b6782aea89e1b2aaaa246ecb1244f
-
SSDEEP
24576:AyzUhB8R5d6QMYqrwgKCkP7ewkaGyUbg30BIr:HYhM5UZYq6f5FGM38I
Static task
static1
Behavioral task
behavioral1
Sample
1e0a9a6a6dbc719a4326c333ee95bbe6.exe
Resource
win7-20230220-en
Malware Config
Extracted
redline
down
193.233.20.31:4125
-
auth_value
12c31a90c72f5efae8c053a0bd339381
Extracted
redline
sint
193.233.20.31:4125
-
auth_value
9d9b763b4dcfbff1c06ef4743cc0399e
Extracted
amadey
3.68
62.204.41.87/joomla/index.php
Targets
-
-
Target
1e0a9a6a6dbc719a4326c333ee95bbe6.exe
-
Size
1014KB
-
MD5
1e0a9a6a6dbc719a4326c333ee95bbe6
-
SHA1
8c440628251c732a94c8bf0fe700578eb0a00477
-
SHA256
f4aef4e4264c997d4475ab1f26bc08d64cf1a7f4a49d44a651b4a5f6474179d3
-
SHA512
5279ed48b9b56ed6f3e33038822e2aead507beae7c28f8a36b03974d17c7a932d893905f5ea83ae54e8a6e7f9b887574860b6782aea89e1b2aaaa246ecb1244f
-
SSDEEP
24576:AyzUhB8R5d6QMYqrwgKCkP7ewkaGyUbg30BIr:HYhM5UZYq6f5FGM38I
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-