General
- Target: d6c68500b47cd7db3b4c164270aef1475fd431a2c915e6792ce712dd43b10f9e
- Size: 1.0MB
- Sample: 230413-d4r9qshb65
- MD5: 163deccb385e6c5a45ac1e198504fd20
- SHA1: 59887837031c9867e85aa30f5052e78960453128
- SHA256: d6c68500b47cd7db3b4c164270aef1475fd431a2c915e6792ce712dd43b10f9e
- SHA512: 49697444b9b09ed0a6320e15afbdece7fc5c0e981faf12b96a71bb39f52df6277ab303f613bbb9dc42a3ddf87e172a301d213d59be84f90175af5db3fd3149d3
- SSDEEP: 24576:5yvM7ofK8Zjxsf+ku5lm8w+cld8d35a4zlXjqv:sioy2Df680kft
Static task: static1
Behavioral task: behavioral1
- Sample: d6c68500b47cd7db3b4c164270aef1475fd431a2c915e6792ce712dd43b10f9e.exe
- Resource: win7-20230220-en
Malware Config
Extracted
- redline
- lada
- 185.161.248.90:4125
- auth_value: 0b3678897547fedafe314eda5a2015ba
Extracted
- redline
- diro
- 185.161.248.90:4125
- auth_value: ae95bda0dd2e95169886a3a68138568b
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.