General
Target: fc421254213df5ee8771db7a54f45406681d68f44cdfbfb30df538638e46c44f
Size: 699KB
Sample: 230328-xtgj2aed21
MD5: e9247415d15c3bf0d0f456b94f66d279
SHA1: f9a72e11626d26469a7a52ff95d3330867be003b
SHA256: fc421254213df5ee8771db7a54f45406681d68f44cdfbfb30df538638e46c44f
SHA512: 52e2fd7f7b90f5ed0a68f2cfccf424d989c55cacc925882415ebf142ec5dc02ae0d681de4015995f0dd4bb2c55283f12e099a78fc4a87bf9e4a12ab0b8fc7ffa
SSDEEP: 12288:1MrHy90bFwQVr7Fw9Sl0mvwdeE5cIgxx+uWoN8/Fsqc2Ux6E:6yRIy4GOwjcI8xnO/FW2UX
Static task: static1
Behavioral task: behavioral1
  Sample: fc421254213df5ee8771db7a54f45406681d68f44cdfbfb30df538638e46c44f.exe
  Resource: win10v2004-20230221-en
Malware Config
Extracted: redline
  rosn
  176.113.115.145:4125
  auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
  muse
  176.113.115.145:4125
  auth_value: b91988a63a24940038d9262827a5320c
Targets
Target: fc421254213df5ee8771db7a54f45406681d68f44cdfbfb30df538638e46c44f
Size: 699KB
MD5: e9247415d15c3bf0d0f456b94f66d279
SHA1: f9a72e11626d26469a7a52ff95d3330867be003b
SHA256: fc421254213df5ee8771db7a54f45406681d68f44cdfbfb30df538638e46c44f
SHA512: 52e2fd7f7b90f5ed0a68f2cfccf424d989c55cacc925882415ebf142ec5dc02ae0d681de4015995f0dd4bb2c55283f12e099a78fc4a87bf9e4a12ab0b8fc7ffa
SSDEEP: 12288:1MrHy90bFwQVr7Fw9Sl0mvwdeE5cIgxx+uWoN8/Fsqc2Ux6E:6yRIy4GOwjcI8xnO/FW2UX
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.