General
- Target: 36844749e5b97abd8f1e811d987596a8c20cc30e7f9689c9ca573c3afc1076cf
- Size: 555KB
- Sample: 230325-kj7l9abh73
- MD5: 534830f3ec556573f8ecf373708f43a8
- SHA1: 01c4f993ceeb52842ca27d6110827f2c57a9eb11
- SHA256: 36844749e5b97abd8f1e811d987596a8c20cc30e7f9689c9ca573c3afc1076cf
- SHA512: f0828c5fb8e19ac8a665d386c9ce6aa8dc44bbb063a614b52fc870ba7a9253ac79e9377d682ebd6ef795802f27d02543801ac39789e7eaed8e8fff4f285f671b
- SSDEEP: 12288:3MrSy90PhUVXO53DN2RNYwXVbwEc7Ge4F3d1MUbd2oXCD4eSZO:Zy5O53DNQfXVbjc7GjGoXCD4s
Static task: static1
Behavioral task: behavioral1
- Sample: 36844749e5b97abd8f1e811d987596a8c20cc30e7f9689c9ca573c3afc1076cf.exe
- Resource: win10v2004-20230221-en
Malware Config
Extracted
- Family: redline
- Botnet: boris
- C2: 193.233.20.32:4125
- auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Extracted
- Family: redline
- Botnet: rotik
- C2: 193.233.20.32:4125
- auth_value: 74863478ae154e921eb729354d2bb4bd
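Both extracted configs point at the same C2 endpoint and differ only in botnet ID and auth_value, so a network hunt can be driven from one IOC. The Python below is an added example, not Triage code or output from this run: it takes the two configs shown above, deduplicates the shared endpoint, and matches it against connection records. The log lines are constructed Zeek conn.log records (first seven columns), not traffic from this analysis.

```python
"""Match the C2 endpoints from the extracted RedLine configs against
connection logs.  Added example, not Triage code.  The two configs are the
ones shown in this report; the conn.log records below are constructed."""

# The two extracted configs from the report (family, botnet, c2, auth_value).
EXTRACTED = [
    {"family": "redline", "botnet": "boris", "c2": ["193.233.20.32:4125"],
     "auth_value": "766b5bdf6dbefcf7ca223351952fc38f"},
    {"family": "redline", "botnet": "rotik", "c2": ["193.233.20.32:4125"],
     "auth_value": "74863478ae154e921eb729354d2bb4bd"},
]

# Constructed Zeek conn.log records, tab separated, first seven columns:
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
CONN_LOG = """\
1679750400.101\tCabc1\t10.0.0.15\t49812\t193.233.20.32\t4125\ttcp
1679750401.220\tCabc2\t10.0.0.15\t49813\t142.250.74.110\t443\ttcp
1679750402.330\tCabc3\t10.0.0.22\t50100\t193.233.20.32\t80\ttcp
1679750403.440\tCabc4\t10.0.0.22\t50101\t8.8.8.8\t4125\tudp
"""


def c2_endpoints(extracted):
    """Map (ip, port) -> list of botnet IDs that use that endpoint.
    Here both botnets collapse onto a single (ip, port) key."""
    endpoints = {}
    for cfg in extracted:
        for c2 in cfg["c2"]:
            host, _, port = c2.rpartition(":")
            endpoints.setdefault((host, int(port)), []).append(cfg["botnet"])
    return endpoints


def scan_conn_log(log_text, endpoints):
    """Return one hit per record whose responder matches a C2.

    ip+port match      -> "high"   (exact extracted endpoint)
    same ip, other port -> "medium" (operators re-use hosts and rotate ports)
    port alone is deliberately not matched: 4125 is not distinctive.
    """
    hosts = {ip for ip, _ in endpoints}
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):        # skip Zeek header lines
            continue
        fields = line.split("\t")
        if len(fields) < 7 or not fields[5].isdigit():
            continue
        ts, uid, orig_h, orig_p, resp_h, resp_p, proto = fields[:7]
        key = (resp_h, int(resp_p))
        hit = {"ts": ts, "uid": uid, "src": orig_h, "dst": f"{resp_h}:{resp_p}",
               "proto": proto}
        if key in endpoints:
            hit.update(confidence="high", botnets=endpoints[key])
            hits.append(hit)
        elif resp_h in hosts:
            hit.update(confidence="medium", botnets=[])
            hits.append(hit)
    return hits


if __name__ == "__main__":
    for hit in scan_conn_log(CONN_LOG, c2_endpoints(EXTRACTED)):
        print(hit)
```

A hit on the endpoint identifies the campaign infrastructure, not the build: the auth_value that separates the boris and rotik configs is not present in flow metadata, so attributing a host to one build needs payload or sample-level evidence.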
Targets
- Target: 36844749e5b97abd8f1e811d987596a8c20cc30e7f9689c9ca573c3afc1076cf (555KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
  - RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  - RedLine payload
  - Executes dropped EXE
  - Accesses cryptocurrency files/wallets, possible credential harvesting
  - Adds Run key to start application
  - Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
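The "Adds Run key to start application" and "Executes dropped EXE" signatures together describe the usual stealer persistence pattern: a dropped binary in a user-writable directory registered under a Run or RunOnce key. The Python below is an added example for triaging that artifact offline, not Triage code: it parses a `reg export` of the autostart keys and ranks entries by where the executable lives. The export text is constructed for the example and is not this sample's actual Run key value, which the report does not show.

```python
"""Rank Run/RunOnce autostart entries from a .reg export by the location
of the executable they launch.  Added example, not part of the Triage
report; the export below is constructed, not taken from this sample."""
import re

# Constructed `reg export` output.  On disk such files are UTF-16LE; this
# is the decoded text.  REG_SZ data uses \\ and \" escapes.
REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\user\\AppData\\Local\\Temp\\svhost.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"="not an autostart key, ignored"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Cleanup"="C:\\ProgramData\\Installer\\run.exe -q"
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"
'''

# "name"="data" lines for REG_SZ values; hex(...) binary values do not match
# and are skipped.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Checked in order: the more specific Temp/Public rules sit before the
# broad AppData/ProgramData rules.  Heuristic tiers, not a verdict.
RULES = [
    ("\\appdata\\local\\temp\\", "high"),
    ("\\windows\\temp\\", "high"),
    ("\\users\\public\\", "high"),
    ("\\appdata\\", "medium"),
    ("\\programdata\\", "medium"),
]


def unescape(s):
    """Undo .reg escaping: \\ -> \ and \" -> "."""
    return re.sub(r"\\(.)", r"\1", s)


def is_autorun_key(key):
    return key.lower().endswith(("\\currentversion\\run",
                                 "\\currentversion\\runonce"))


def exe_path(data):
    """Executable part of a command line: quoted path, else first token.
    (Unquoted paths containing spaces are truncated; flag those manually.)"""
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end > 0 else data[1:]
    return data.split(" ", 1)[0]


def tier(exe):
    p = exe.lower()
    for needle, t in RULES:
        if needle in p:
            return t
    return "low"


def parse_autoruns(text):
    """Return [{key, name, exe, tier}] for values under Run/RunOnce keys."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        if key is None or not is_autorun_key(key):
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        exe = exe_path(data)
        entries.append({"key": key, "name": name, "exe": exe, "tier": tier(exe)})
    return entries


def suspicious(entries):
    """Everything not in the low tier, for analyst review."""
    return [e for e in entries if e["tier"] != "low"]


if __name__ == "__main__":
    for e in suspicious(parse_autoruns(REG_EXPORT)):
        print(f'{e["tier"]:6} {e["name"]:15} {e["exe"]}')
```

Path location alone produces false positives (OneDrive legitimately runs from AppData\Local), so the medium tier is a review queue, not an alert; confirm with the file hash against the sample's hashes above, its signature status, and its creation time relative to the suspected infection.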