General
Target: f8fd5c9f00765fec771623d53f11feb406e345fa3f2c92388b13d22aab62ce17
Size: 537KB
Sample: 230402-th4nmsae5s
MD5: 11cd6404fa3f770ba77d6d7626599451
SHA1: a4bcbd6435161313de7e42d03df79e9219e850cf
SHA256: f8fd5c9f00765fec771623d53f11feb406e345fa3f2c92388b13d22aab62ce17
SHA512: b4dd2321ab552a13ed6c06b81d2937762aa0d6330203ca66b6f7f8d0c947a93b3692c0b90809c3e913817f8492a3e9fb4a6a49bcfd4016b8ad8216d9d250e737
SSDEEP: 12288:/Mrcy90A01sAExSxLHFZaBBj6qRfG7oHnzIPjvxIHeg2XQEesHXI:LyV01sAGSxj1R2nUP1I+XQ6HY
Static task: static1
Behavioral task: behavioral1
Sample: f8fd5c9f00765fec771623d53f11feb406e345fa3f2c92388b13d22aab62ce17.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
spora
176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: f8fd5c9f00765fec771623d53f11feb406e345fa3f2c92388b13d22aab62ce17
Size: 537KB
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.