Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
089a9618b65dca0c631fb45fc0bdd6f87a43a1e8d6d03c2c6b66c2cffbc3b63e
-
Size
1.5MB
-
Sample
230501-1evpwsaf5x
-
MD5
1ba754a29c497ee92b101a0504a62a25
-
SHA1
e59241561d57a5a05f982fee69bc9de149f2a38b
-
SHA256
089a9618b65dca0c631fb45fc0bdd6f87a43a1e8d6d03c2c6b66c2cffbc3b63e
-
SHA512
6230dec10914fe14777d87f1e39b6b314e9f33e89e48a93e7e83ab2777622e6a5178cbce3e89b6489c721b47920d49b0c3ca78a0d4d7be8eb132bf4833244c37
-
SSDEEP
49152:7fTKMUdETmkjSf8q3PpIuXQZIWn/fsGNKTYT:DTKjE6RsrIWM2+
Static task
static1
Behavioral task
behavioral1
Sample
089a9618b65dca0c631fb45fc0bdd6f87a43a1e8d6d03c2c6b66c2cffbc3b63e.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
maza
185.161.248.73:4164
-
auth_value
474d54c1c2f5291290c53f8378acd684
Targets
-
-
Target
089a9618b65dca0c631fb45fc0bdd6f87a43a1e8d6d03c2c6b66c2cffbc3b63e
-
Size
1.5MB
-
MD5
1ba754a29c497ee92b101a0504a62a25
-
SHA1
e59241561d57a5a05f982fee69bc9de149f2a38b
-
SHA256
089a9618b65dca0c631fb45fc0bdd6f87a43a1e8d6d03c2c6b66c2cffbc3b63e
-
SHA512
6230dec10914fe14777d87f1e39b6b314e9f33e89e48a93e7e83ab2777622e6a5178cbce3e89b6489c721b47920d49b0c3ca78a0d4d7be8eb132bf4833244c37
-
SSDEEP
49152:7fTKMUdETmkjSf8q3PpIuXQZIWn/fsGNKTYT:DTKjE6RsrIWM2+
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-