General
- Target: bbebced73d21b07851a5be80183630613202ccbc6f07b6890eb088a4489cb8af
- Size: 659KB
- Sample: 230402-c8drgaff2x
- MD5: 07c81b72ac92b7e40a08011ff39d0ef1
- SHA1: 877c37632155b1251fac6f636d58388d1c4bf1ce
- SHA256: bbebced73d21b07851a5be80183630613202ccbc6f07b6890eb088a4489cb8af
- SHA512: 32d047511476ef91d59b9c87ffdb1531e425c9c6413d2c9ee6ffb2913b43f3f30b4c85dd692ccd9decc58f3b6e5ab218fa00e7f27c45180d16ea2bf1a226a0ed
- SSDEEP: 12288:EMrMy90Zl2qFuOE0F56EKY2y0+GY41lof5Ksa/Pm3tQdF:Yy+2+x36TvtY41iAdm9QdF
Static task: static1
Behavioral task: behavioral1
- Sample: bbebced73d21b07851a5be80183630613202ccbc6f07b6890eb088a4489cb8af.exe
- Resource: win10-20230220-en
Malware Config
Extracted
- redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
- redline
- spora
- 176.113.115.145:4125
- auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
- Target: bbebced73d21b07851a5be80183630613202ccbc6f07b6890eb088a4489cb8af
- Size: 659KB
- MD5: 07c81b72ac92b7e40a08011ff39d0ef1
- SHA1: 877c37632155b1251fac6f636d58388d1c4bf1ce
- SHA256: bbebced73d21b07851a5be80183630613202ccbc6f07b6890eb088a4489cb8af
- SHA512: 32d047511476ef91d59b9c87ffdb1531e425c9c6413d2c9ee6ffb2913b43f3f30b4c85dd692ccd9decc58f3b6e5ab218fa00e7f27c45180d16ea2bf1a226a0ed
- SSDEEP: 12288:EMrMy90Zl2qFuOE0F56EKY2y0+GY41lof5Ksa/Pm3tQdF:Yy+2+x36TvtY41iAdm9QdF
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.