General
Target: c8fd59d93d965d4752d3f4948df648361b772f774f8971fce09b9eabc99a6601
Size: 688KB
Sample: 230327-pg1hdadd43
MD5: bc4192ca2cfbe32cb2bf2eb8504b4fba
SHA1: 80c20f89f492624e0840bef1d8c6f67197fa76b2
SHA256: c8fd59d93d965d4752d3f4948df648361b772f774f8971fce09b9eabc99a6601
SHA512: 2a403aad19129f8df1041d5f18370baeb2098aae9badd26cd062de7c00c519a3dce3b830593fa443e05124bf0aad7d4e1b2ac619bb37c72d41a56f0649f510b1
SSDEEP: 12288:AMr8y909DJSBHtkd95kmnIOBIaSfTCooZIefzWfHvCAZEQ5utGBZ3ZhP:syfxtonIOBIaSbCU0zWfPR3MGBFZt
Static task: static1
Behavioral task: behavioral1
Sample: c8fd59d93d965d4752d3f4948df648361b772f774f8971fce09b9eabc99a6601.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
  sony
  193.233.20.33:4125
  auth_value: 1d93d1744381eeb4fcfd7c23ffe0f0b4
Extracted: redline
  nice
  193.233.20.33:4125
  auth_value: a7371b75699e8bc7c51fb960e8ac9e81
Targets
Target: c8fd59d93d965d4752d3f4948df648361b772f774f8971fce09b9eabc99a6601
Size: 688KB
MD5: bc4192ca2cfbe32cb2bf2eb8504b4fba
SHA1: 80c20f89f492624e0840bef1d8c6f67197fa76b2
SHA256: c8fd59d93d965d4752d3f4948df648361b772f774f8971fce09b9eabc99a6601
SHA512: 2a403aad19129f8df1041d5f18370baeb2098aae9badd26cd062de7c00c519a3dce3b830593fa443e05124bf0aad7d4e1b2ac619bb37c72d41a56f0649f510b1
SSDEEP: 12288:AMr8y909DJSBHtkd95kmnIOBIaSfTCooZIefzWfHvCAZEQ5utGBZ3ZhP:syfxtonIOBIaSbCU0zWfPR3MGBFZt
Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.