General
Target: e8280e61cc4a5609efd3d332e4d39dde5c4f65aed4fa21ac67c3d7176b1e5802
Size: 659KB
Sample: 230329-ac8kvsff6z
MD5: 486164cba30558ad4f1cd52e508f807a
SHA1: edeb065b81b6e9ee57b4df4cab6eb31ca382a422
SHA256: e8280e61cc4a5609efd3d332e4d39dde5c4f65aed4fa21ac67c3d7176b1e5802
SHA512: 3440db0b6495621398311bab930bffdefcae13783c93f3343bbbdd2447917b1463d183133cbf0c6f83f382b6cccb93001a5f08d07add59e4f79fa9b35b6bd7ee
SSDEEP: 12288:aMrcy90VVzqSVlUy3So1YAKOLKw+GHkTi6youYdp2DEc0RA:6ygLVlUxMbBKa0i6yoADaRA
Static task: static1
Behavioral task: behavioral1
Sample: e8280e61cc4a5609efd3d332e4d39dde5c4f65aed4fa21ac67c3d7176b1e5802.exe
Resource: win10-20230220-en
Malware Config
Extracted: redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
- zaza
- 176.113.115.145:4125
- auth_value: 48bf44c663fe3c1035fb4dd0b91fde5d
Targets
Target: e8280e61cc4a5609efd3d332e4d39dde5c4f65aed4fa21ac67c3d7176b1e5802
Size: 659KB
MD5: 486164cba30558ad4f1cd52e508f807a
SHA1: edeb065b81b6e9ee57b4df4cab6eb31ca382a422
SHA256: e8280e61cc4a5609efd3d332e4d39dde5c4f65aed4fa21ac67c3d7176b1e5802
SHA512: 3440db0b6495621398311bab930bffdefcae13783c93f3343bbbdd2447917b1463d183133cbf0c6f83f382b6cccb93001a5f08d07add59e4f79fa9b35b6bd7ee
SSDEEP: 12288:aMrcy90VVzqSVlUy3So1YAKOLKw+GHkTi6youYdp2DEc0RA:6ygLVlUxMbBKa0i6yoADaRA
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.