Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
1d6a271ff33c6f5f78b810e7a4681e45080318cce8186d12a98545f9502cb104
-
Size
659KB
-
Sample
230401-vc161acf4v
-
MD5
91ca0dec126c2a9701c5b7221488fdb1
-
SHA1
d5d641860b99931fbb3b8cce94bd45343267307e
-
SHA256
1d6a271ff33c6f5f78b810e7a4681e45080318cce8186d12a98545f9502cb104
-
SHA512
44fc0cb4dc680d45b882fc3c28bfc34d273fec496058b81a28fe7ea49ad46812a50a9b46b349159d3391db75b77e830d2b4c3599aa4af5f27f08160188f3a81a
-
SSDEEP
12288:DMrEy90lOomXcA+wnYGDK9xDAclp+CPGCcT7TTes/J/+EAZxd3VopT:ryOEcA5YGjEp+1Tr3/1+EAzdWpT
Static task
static1
Behavioral task
behavioral1
Sample
1d6a271ff33c6f5f78b810e7a4681e45080318cce8186d12a98545f9502cb104.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
spora
176.113.115.145:4125
-
auth_value
441b39ab37774b2ca9931c31e1bc6071
Targets
-
-
Target
1d6a271ff33c6f5f78b810e7a4681e45080318cce8186d12a98545f9502cb104
-
Size
659KB
-
MD5
91ca0dec126c2a9701c5b7221488fdb1
-
SHA1
d5d641860b99931fbb3b8cce94bd45343267307e
-
SHA256
1d6a271ff33c6f5f78b810e7a4681e45080318cce8186d12a98545f9502cb104
-
SHA512
44fc0cb4dc680d45b882fc3c28bfc34d273fec496058b81a28fe7ea49ad46812a50a9b46b349159d3391db75b77e830d2b4c3599aa4af5f27f08160188f3a81a
-
SSDEEP
12288:DMrEy90lOomXcA+wnYGDK9xDAclp+CPGCcT7TTes/J/+EAZxd3VopT:ryOEcA5YGjEp+1Tr3/1+EAzdWpT
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-