General
Target: 1de84a4a3b54cdf20bdcdaa05ef785f628536c302302db8430529a8dc20d6de6
Size: 537KB
Sample: 230403-crvzesdf4v
MD5: 74df1d10e0a2edb8eb8fb12a140508d1
SHA1: 99b578e09980d4d70d383709d8b5eaa01b551b58
SHA256: 1de84a4a3b54cdf20bdcdaa05ef785f628536c302302db8430529a8dc20d6de6
SHA512: 8fa145eebd8fca953c64051c9408793e40bc7179fe6362fbbe53d8b43635c53e05c8a742e283b81f0ed4618349b30b75f4e637e5f274479d6578e25864bd4cd7
SSDEEP: 12288:7MrPy90eRQSkD0TzYFJyU3SHRw+vNFAuNgv:oypRDy0TzCJyfxwMlgv
Static task: static1
Behavioral task: behavioral1
Sample: 1de84a4a3b54cdf20bdcdaa05ef785f628536c302302db8430529a8dc20d6de6.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline (rosn)
  C2: 176.113.115.145:4125
  auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline (spora)
  C2: 176.113.115.145:4125
  auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: 1de84a4a3b54cdf20bdcdaa05ef785f628536c302302db8430529a8dc20d6de6
Size: 537KB
MD5: 74df1d10e0a2edb8eb8fb12a140508d1
SHA1: 99b578e09980d4d70d383709d8b5eaa01b551b58
SHA256: 1de84a4a3b54cdf20bdcdaa05ef785f628536c302302db8430529a8dc20d6de6
SHA512: 8fa145eebd8fca953c64051c9408793e40bc7179fe6362fbbe53d8b43635c53e05c8a742e283b81f0ed4618349b30b75f4e637e5f274479d6578e25864bd4cd7
SSDEEP: 12288:7MrPy90eRQSkD0TzYFJyU3SHRw+vNFAuNgv:oypRDy0TzCJyfxwMlgv
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.