Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
172002fcc80d6982314253136b361805a739e2e75513d4c15abdc4a3808cb381
-
Size
722KB
-
Sample
230325-zchrwagd4w
-
MD5
06c5e664b2311d9a2c5e645e055c29d5
-
SHA1
e7a9627695ddf10dc8cb6db6b70f441d7098d0fa
-
SHA256
172002fcc80d6982314253136b361805a739e2e75513d4c15abdc4a3808cb381
-
SHA512
7929cc524f22ba2f329dbd76d2dba9e64c437124486d75ae59d97430c90a08fcb9141b6c59d03988ff32c39a3da2d706bbbcf19861a656f9cf60416b7fe74a6d
-
SSDEEP
12288:R1J7ppIKstg6eUo1UbOYIPrdHK939cA3mQo2PC5YCn9yAMX6w2Im3Gn9u:R1mKsq6ajPVQoY69ydqws3GnY
Static task
static1
Behavioral task
behavioral1
Sample
172002fcc80d6982314253136b361805a739e2e75513d4c15abdc4a3808cb381.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
boris
193.233.20.32:4125
-
auth_value
766b5bdf6dbefcf7ca223351952fc38f
Extracted
redline
viza
193.233.20.32:4125
-
auth_value
153a106a89fae7251f2dc17be2eb5720
Targets
-
-
Target
172002fcc80d6982314253136b361805a739e2e75513d4c15abdc4a3808cb381
-
Size
722KB
-
MD5
06c5e664b2311d9a2c5e645e055c29d5
-
SHA1
e7a9627695ddf10dc8cb6db6b70f441d7098d0fa
-
SHA256
172002fcc80d6982314253136b361805a739e2e75513d4c15abdc4a3808cb381
-
SHA512
7929cc524f22ba2f329dbd76d2dba9e64c437124486d75ae59d97430c90a08fcb9141b6c59d03988ff32c39a3da2d706bbbcf19861a656f9cf60416b7fe74a6d
-
SSDEEP
12288:R1J7ppIKstg6eUo1UbOYIPrdHK939cA3mQo2PC5YCn9yAMX6w2Im3Gn9u:R1mKsq6ajPVQoY69ydqws3GnY
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-