Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
48d759c0fb7edef2c502b1f93a9960ee290e8355dbd30b4a3ffd6ff8f74110b9
-
Size
687KB
-
Sample
230327-nbrgvadb94
-
MD5
a844ff8b435e3b2a29ea43b689eaa3e2
-
SHA1
5f435a4b850bc86cbe1acf8a40098e54fe32d688
-
SHA256
48d759c0fb7edef2c502b1f93a9960ee290e8355dbd30b4a3ffd6ff8f74110b9
-
SHA512
2fb75123c1f187314334ffe3fa5dff52ec27404ece2b2adeea33bd04631b0c389fdb37bcfddd04f09bf12455ec9d972b907ccdcb3592a2ed309c47c73108a5df
-
SSDEEP
12288:qMrry90ML3UyfwsP5DL+XwHJsJVoOS6WBsgJQdHZDgPwFO6ZcGdrg89aTnamv:9yh3wNXwpDXeg65ZDPnK8o+w
Static task
static1
Behavioral task
behavioral1
Sample
48d759c0fb7edef2c502b1f93a9960ee290e8355dbd30b4a3ffd6ff8f74110b9.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
sony
193.233.20.33:4125
-
auth_value
1d93d1744381eeb4fcfd7c23ffe0f0b4
Extracted
redline
nice
193.233.20.33:4125
-
auth_value
a7371b75699e8bc7c51fb960e8ac9e81
Targets
-
-
Target
48d759c0fb7edef2c502b1f93a9960ee290e8355dbd30b4a3ffd6ff8f74110b9
-
Size
687KB
-
MD5
a844ff8b435e3b2a29ea43b689eaa3e2
-
SHA1
5f435a4b850bc86cbe1acf8a40098e54fe32d688
-
SHA256
48d759c0fb7edef2c502b1f93a9960ee290e8355dbd30b4a3ffd6ff8f74110b9
-
SHA512
2fb75123c1f187314334ffe3fa5dff52ec27404ece2b2adeea33bd04631b0c389fdb37bcfddd04f09bf12455ec9d972b907ccdcb3592a2ed309c47c73108a5df
-
SSDEEP
12288:qMrry90ML3UyfwsP5DL+XwHJsJVoOS6WBsgJQdHZDgPwFO6ZcGdrg89aTnamv:9yh3wNXwpDXeg65ZDPnK8o+w
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-