General
Target: Analysis of cochang private key leak event on March 21, 2023.pdf.zip
Size: 28.7MB
Sample: 230326-g9hh9sfg25
MD5: 14590ed407ac3137dfebf6e577738b6f
SHA1: 4c57d1fdf4b14bfbfaee2adefe1a186bb48b7fcd
SHA256: 8849188015f3e48dff6985bd0b823fb744da1e65e7ac93fed19e370e3af419d3
SHA512: 0179b1852e1c0062c906613c0eedb681d345c468d12754efda7b0970ad9441caf5a483f05a48ed3e2f811154491678496936a6304b95f85375c8e057c8ecfe8b
SSDEEP: 393216:PdRMyQ5nDRugTM6ZWK4GV+Pws5TttG9/yaxC67GHh6FKLNhvNzkRZO9DXwhT+GbK:PYp1nM6WO+1TOxeMFkNJN40DAhKGbEfH
Static task: static1
Behavioral task: behavioral1
Sample: Analysis of cochang private key leak event on March 21, 2023.pdf.scr
Resource: win7-20230220-en
Malware Config
Extracted
Family: redline
Botnet: 1-2potok
C2: 212.113.116.143:29996
Attributes
auth_value: b5701ee96cdcd1581bc7b0c10049e64b
Targets
Target: Analysis of cochang private key leak event on March 21, 2023.pdf.scr
Size: 29.3MB
MD5: 0995c7e65e37b776d64b283ca1f21489
SHA1: c5f056d287d852a4c88029f3dd863b27e2a7ec77
SHA256: adfc6d2b25d8aba59c5b358a1ec69a0d9e79d7636999f6232454397435f035a3
SHA512: e05ff36f2d5db1a3bbf6583554ddcad5980ac74782e4b2082a5442f9a8b54b54022848d218d0fa96083176aef6cc2671a0c99a34a717d37073d0ed2c3d79f627
SSDEEP: 786432:SjMR4qHLpizyVp/1q1rINsjsq3gazg7ag:0BqHBV1q1rImjsQxPg
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.