Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
920467052ef04f22c3b0219c7cf93b4384ae6eb7cbf833cb327816b0f99ab976
-
Size
726KB
-
Sample
230325-df8xksag94
-
MD5
0e3ac54ec0bdedb8efdda8420a6fb9de
-
SHA1
314c712b182c6bbaee981d4426553399b5e2f61c
-
SHA256
920467052ef04f22c3b0219c7cf93b4384ae6eb7cbf833cb327816b0f99ab976
-
SHA512
f09c77ef8c15f4fa75c4a520506af1d3106cfe757a11bdb155afd5cae1def29cc13e06c5db74c001ac16d21361ed3425b1db1697859e18d3b9e2a0c9f99c4f68
-
SSDEEP
12288:Ap3JDQAu5fdU6AdozuoTnsSu07dIIaYwKFd9iGWOCKjEWf8XgtpsDUdIQEm7ZxS:Ap5u1G6AWK/C7dnap89b98Xmm/m72
Static task
static1
Behavioral task
behavioral1
Sample
920467052ef04f22c3b0219c7cf93b4384ae6eb7cbf833cb327816b0f99ab976.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
boris
193.233.20.32:4125
-
auth_value
766b5bdf6dbefcf7ca223351952fc38f
Extracted
redline
firmu
193.233.20.32:4125
-
auth_value
9f3e5e35e4a3a38fc36c5a851728aa33
Targets
-
-
Target
920467052ef04f22c3b0219c7cf93b4384ae6eb7cbf833cb327816b0f99ab976
-
Size
726KB
-
MD5
0e3ac54ec0bdedb8efdda8420a6fb9de
-
SHA1
314c712b182c6bbaee981d4426553399b5e2f61c
-
SHA256
920467052ef04f22c3b0219c7cf93b4384ae6eb7cbf833cb327816b0f99ab976
-
SHA512
f09c77ef8c15f4fa75c4a520506af1d3106cfe757a11bdb155afd5cae1def29cc13e06c5db74c001ac16d21361ed3425b1db1697859e18d3b9e2a0c9f99c4f68
-
SSDEEP
12288:Ap3JDQAu5fdU6AdozuoTnsSu07dIIaYwKFd9iGWOCKjEWf8XgtpsDUdIQEm7ZxS:Ap5u1G6AWK/C7dnap89b98Xmm/m72
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-