General
Target: RIOT BRUTE v.0.7.exe
Size: 41.4MB
Sample: 230415-s5qjvsgb6x
MD5: 78dd0c1b766ac88a465b462969e1e7c1
SHA1: 5dca6845eabdbd89bb7cfe30dab8e59b909274b1
SHA256: e755ee8301b3bc79e0aef9dad46b17f5ed7aff12a23986702c53dac1592d0669
SHA512: d6e7563c106f1355389b31ac84697c2926fd43f173f027fa30dec5dca4cd4cee9470e559c2ed34dc47f30809c8ce91ec98b40f05724070eab54d8a3f300cd53f
SSDEEP: 786432:EHf+YFT57yO5I27EImKCD0S+F22DPToF/e6Gj4XN4Kzgk3WDsFBhnaHABaUI7d48:EHf+YFMO5tnowBDEF/y4NbBhnFBC3ok
Behavioral task: behavioral1
Sample: RIOT BRUTE v.0.7.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: RIOT BRUTE v.0.7.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted family: redline
Botnet: 1871187217_99
C2: dragrun.top:28786
auth_value: c632c0eb14cc516c3818f68efcd30269
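An added example (not code from tria.ge, and not part of the sample) showing how the indicators in this report are used in practice: the C2 host and port from the extracted config become a network-log check, and the file digests become a file-identity check. The indicator values are copied from the report; the log lines, their Sysmon-style key=value layout, the process paths, and the file bytes fed to the hash check are all constructed for illustration and are assumptions, not data from the analysis.

```python
"""Turn the indicators in this RedLine report into two simple checks.

Added example; not code from tria.ge or from the sample. Indicator values
are copied from the report. The log format and the log lines below are
constructed for illustration (hypothetical Sysmon Event ID 3-like layout).
"""
import hashlib
import re

# --- Indicators copied from the report -------------------------------------
C2_HOST = "dragrun.top"
C2_PORT = 28786
BOTNET_ID = "1871187217_99"
AUTH_VALUE = "c632c0eb14cc516c3818f68efcd30269"
KNOWN_HASHES = {
    "md5": "78dd0c1b766ac88a465b462969e1e7c1",
    "sha1": "5dca6845eabdbd89bb7cfe30dab8e59b909274b1",
    "sha256": "e755ee8301b3bc79e0aef9dad46b17f5ed7aff12a23986702c53dac1592d0669",
    "sha512": "d6e7563c106f1355389b31ac84697c2926fd43f173f027fa30dec5dca4cd4cee"
              "9470e559c2ed34dc47f30809c8ce91ec98b40f05724070eab54d8a3f300cd53f",
}

# --- Constructed network log (hypothetical format; paths are made up) -------
SAMPLE_LOG = """\
Image=C:\\Windows\\System32\\svchost.exe DestinationHostname=time.windows.com DestinationPort=123
Image=C:\\Users\\victim\\Desktop\\RIOT BRUTE v.0.7.exe DestinationHostname=dragrun.top DestinationPort=28786
Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe DestinationHostname=dragrun.top DestinationPort=443
"""

# Non-greedy image match so process names containing spaces (as here) parse.
LINE_RE = re.compile(
    r"Image=(?P<image>.+?)\s+DestinationHostname=(?P<host>\S+)\s+DestinationPort=(?P<port>\d+)"
)


def find_c2_connections(log_text: str) -> list:
    """Return every connection to the C2 host from the report.

    'exact' marks the reported port. Other ports to the same host are still
    returned: the hostname is the indicator, the port may change per build.
    """
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        host = m.group("host").lower()
        port = int(m.group("port"))
        if host == C2_HOST:
            hits.append({
                "image": m.group("image"),
                "host": host,
                "port": port,
                "exact": port == C2_PORT,
            })
    return hits


def hash_matches(data: bytes) -> dict:
    """Compute each digest over 'data' and compare with the report.

    Returns {algorithm: bool}; every algorithm listed in the report is checked
    so the result can be correlated with feeds that only carry MD5 or SHA-1.
    """
    return {
        algo: hashlib.new(algo, data).hexdigest() == expected
        for algo, expected in KNOWN_HASHES.items()
    }


def is_known_sample(data: bytes) -> bool:
    """Identity decision: trust only the collision-resistant digests.

    MD5/SHA-1 matches are useful for pivoting but are not used as proof here.
    """
    m = hash_matches(data)
    return m["sha256"] or m["sha512"]


if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_LOG):
        print("C2 contact:", hit)
    # Constructed bytes, so this is expected to be False.
    print("constructed bytes are the sample:", is_known_sample(b"not the real binary"))
```

To use this on real data, replace SAMPLE_LOG with exported Sysmon network-connection events in the same key=value layout and pass the bytes of a suspect file to is_known_sample; a SHA-256 or SHA-512 match identifies this exact binary, while a connection to dragrun.top on any port is worth a look even if the port differs from the one extracted here.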
Targets
Target: RIOT BRUTE v.0.7.exe
Size: 41.4MB
Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext