General

Target: b6506c7b8503c8700079ec82b275f6953cc9d71a2590540e5c21c161cd8c6277
Size: 688KB
Sample: 230324-3qda4aaa72
MD5: 55f8f5af46c32287f95222faf9a31521
SHA1: 37f33271fe8734a16b7ac883937d5d7ffc2e02bf
SHA256: b6506c7b8503c8700079ec82b275f6953cc9d71a2590540e5c21c161cd8c6277
SHA512: c8d9b8eede45a38b60e4d4d63beda9e2e02fc7de1c2286e2ae2e988a497de2180d6973584fc536252e53cfb419cce4aab170558eb5f3bc513df0406c9801e258
SSDEEP: 12288:eMroy90LdgxsZadxQOLllhFOCeHkjIdx6Nag+dBWeMZ1Pp2Rh:qyMgxBqO2YIdYa9dYbjh+
Static task: static1
Behavioral task: behavioral1
Sample: b6506c7b8503c8700079ec82b275f6953cc9d71a2590540e5c21c161cd8c6277.exe
Resource: win10v2004-20230221-en
Malware Config

Extracted: redline
Botnet: boris
C2: 193.233.20.32:4125
auth_value: 766b5bdf6dbefcf7ca223351952fc38f

Extracted: redline
Botnet: lenka
C2: 193.233.20.32:4125
auth_value: 8a60e8b2ec79d6a7e92f9feac39b8830
Targets

Target: b6506c7b8503c8700079ec82b275f6953cc9d71a2590540e5c21c161cd8c6277
Size: 688KB
MD5: 55f8f5af46c32287f95222faf9a31521
SHA1: 37f33271fe8734a16b7ac883937d5d7ffc2e02bf
SHA256: b6506c7b8503c8700079ec82b275f6953cc9d71a2590540e5c21c161cd8c6277
SHA512: c8d9b8eede45a38b60e4d4d63beda9e2e02fc7de1c2286e2ae2e988a497de2180d6973584fc536252e53cfb419cce4aab170558eb5f3bc513df0406c9801e258
SSDEEP: 12288:eMroy90LdgxsZadxQOLllhFOCeHkjIdx6Nag+dBWeMZ1Pp2Rh:qyMgxBqO2YIdYa9dYbjh+
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
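The report above only lists the behaviours as signature names. As an added example (not tria.ge's code and not anything extracted from the sample), the following Python turns three of them, the Run-key persistence, the Uninstall-key enumeration and the contact with the extracted C2 193.233.20.32:4125, into detection logic and runs it over constructed registry and network event records. The `RegEvent`/`NetEvent` record shape, the PIDs and the file paths are assumptions made for the example; the C2 address comes from this report's Malware Config.

```python
"""Detection logic for the behaviours this report flags, run over constructed
sandbox/EDR-style event records. Added example, not tria.ge or RedLine code;
the record shape, PIDs and paths are assumptions."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Indicator copied from this report's extracted RedLine configs (both botnets share it).
REDLINE_C2 = {("193.233.20.32", 4125)}

# Registry paths behind the "Adds Run key" and "Checks installed software" signatures.
# Paths are compared lower-cased; the hive prefix is ignored by matching on the tail.
RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run(once)?$")
UNINSTALL_SUBKEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\uninstall\\([^\\]+)")
# Directories a dropped payload typically lives in; a Run value pointing here is rated higher.
SUSPICIOUS_DIRS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\programdata\\", "\\users\\public\\")


@dataclass
class RegEvent:
    pid: int
    image: str
    op: str      # "SetValue", "OpenKey", "EnumKey" or "QueryValue"
    path: str    # key path; for SetValue the value name is the last component
    data: str = ""


@dataclass
class NetEvent:
    pid: int
    image: str
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Hit:
    rule: str
    pid: int
    detail: str
    severity: str


def detect(events, enum_threshold=3):
    """Return one Hit per matched rule. Uninstall-key reads are counted per process
    and reported only once enum_threshold distinct subkeys were touched, so a single
    lookup by an installer or updater does not fire."""
    hits = []
    uninstall_subkeys = defaultdict(set)
    for ev in events:
        if isinstance(ev, NetEvent):
            if (ev.dst_ip, ev.dst_port) in REDLINE_C2:
                hits.append(Hit("redline_c2_contact", ev.pid, f"{ev.dst_ip}:{ev.dst_port}", "high"))
            continue
        path = ev.path.lower()
        if ev.op == "SetValue":
            key, _, value_name = path.rpartition("\\")
            if RUN_KEY_RE.search(key):
                sev = "high" if any(d in ev.data.lower() for d in SUSPICIOUS_DIRS) else "medium"
                hits.append(Hit("run_key_persistence", ev.pid, f"{value_name} = {ev.data}", sev))
        else:
            m = UNINSTALL_SUBKEY_RE.search(path)
            if m:
                uninstall_subkeys[ev.pid].add(m.group(1))
    for pid, subkeys in uninstall_subkeys.items():
        if len(subkeys) >= enum_threshold:
            hits.append(Hit("uninstall_enumeration", pid, f"{len(subkeys)} Uninstall subkeys read", "medium"))
    return hits


def group_by_pid(hits):
    """Correlate hits per process: a stealer shows persistence, software enumeration
    and C2 traffic from the same PID, which separates it from isolated benign lookups."""
    grouped = defaultdict(set)
    for h in hits:
        grouped[h.pid].add(h.rule)
    return {pid: sorted(rules) for pid, rules in grouped.items()}


# Constructed events modelled on this sample's behaviour; PIDs, paths and GUIDs are invented.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\b6506c7b8503c8700079ec82b275f6953cc9d71a2590540e5c21c161cd8c6277.exe"
UNINSTALL = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall"
EVENTS = [
    RegEvent(4120, SAMPLE, "SetValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
             data=r"C:\Users\Admin\AppData\Roaming\updater.exe"),
    RegEvent(4120, SAMPLE, "OpenKey", UNINSTALL),
    RegEvent(4120, SAMPLE, "QueryValue", UNINSTALL + r"\{11111111-2222-3333-4444-555555555555}\DisplayName"),
    RegEvent(4120, SAMPLE, "QueryValue", UNINSTALL + r"\Google Chrome\DisplayName"),
    RegEvent(4120, SAMPLE, "QueryValue", UNINSTALL + r"\Mozilla Firefox 110.0 (x64 en-US)\DisplayName"),
    NetEvent(4120, SAMPLE, "193.233.20.32", 4125),
    # Benign noise: explorer reads the Run key, an installer reads one Uninstall entry, a browser talks TLS.
    RegEvent(880, r"C:\Windows\explorer.exe", "OpenKey", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),
    RegEvent(2208, r"C:\Windows\System32\msiexec.exe", "QueryValue", UNINSTALL + r"\{66666666-7777-8888-9999-000000000000}\DisplayName"),
    NetEvent(3340, r"C:\Program Files\Google\Chrome\Application\chrome.exe", "203.0.113.10", 443),
]

if __name__ == "__main__":
    for h in detect(EVENTS):
        print(f"[{h.severity}] pid {h.pid}: {h.rule} ({h.detail})")
    print(group_by_pid(detect(EVENTS)))
```

On the constructed input only PID 4120 fires, and it fires all three rules; the explorer.exe read of the Run key is not a SetValue and the single msiexec lookup stays under the enumeration threshold. The auth_value strings from the config are not used here: they travel inside the bot's C2 protocol rather than in anything a host or network sensor sees in the clear, so the ip:port pair is the usable network indicator.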