General
- Target: da3866412b6a1bd2804ed799ec23dfc31f573dcfc9f4ad3fea1481ebb5023e02
- Size: 685KB
- Sample: 230327-sej96aea29
- MD5: 7170710f160f0080d02b94779a53f277
- SHA1: 378638fbb9579bd46f635058e11001cb7e4f676a
- SHA256: da3866412b6a1bd2804ed799ec23dfc31f573dcfc9f4ad3fea1481ebb5023e02
- SHA512: 2d4499789d8912ec79b18e6881155cc7ccb65b3827a08a9da7d63979f24e5737870c0c565e8bdd0c535b924b6984b332d352480e364223811856b77495af170e
- SSDEEP: 12288:rMrmy90iIeroQM2rTLszDLjGD7M9XjRBIBrRwEJo44zWlfA5q:FyoNt2rMzDHGY9TQhRwEJobYA5q
Static task: static1
Behavioral task: behavioral1
- Sample: da3866412b6a1bd2804ed799ec23dfc31f573dcfc9f4ad3fea1481ebb5023e02.exe
- Resource: win10-20230220-en
Malware Config
Extracted: redline
- Botnet: sony
- C2: 193.233.20.33:4125
- auth_value: 1d93d1744381eeb4fcfd7c23ffe0f0b4
Extracted: redline
- Botnet: nice
- C2: 193.233.20.33:4125
- auth_value: a7371b75699e8bc7c51fb960e8ac9e81
Targets
- Target: da3866412b6a1bd2804ed799ec23dfc31f573dcfc9f4ad3fea1481ebb5023e02
- Size: 685KB
- MD5: 7170710f160f0080d02b94779a53f277
- SHA1: 378638fbb9579bd46f635058e11001cb7e4f676a
- SHA256: da3866412b6a1bd2804ed799ec23dfc31f573dcfc9f4ad3fea1481ebb5023e02
- SHA512: 2d4499789d8912ec79b18e6881155cc7ccb65b3827a08a9da7d63979f24e5737870c0c565e8bdd0c535b924b6984b332d352480e364223811856b77495af170e
- SSDEEP: 12288:rMrmy90iIeroQM2rTLszDLjGD7M9XjRBIBrRwEJo44zWlfA5q:FyoNt2rMzDHGY9TQhRwEJobYA5q
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.