General

Target: f04fa749dcf49685eda7f0bbcdf18b8441d4e078f72e943927435ef137829589
Size: 1.5MB
Sample: 230502-cnes2abc4z
MD5: fbe4e0a09cd8f0bc4453341a3f56b937
SHA1: c1dfe90e699a4647365da6fb63a46853f085aed1
SHA256: f04fa749dcf49685eda7f0bbcdf18b8441d4e078f72e943927435ef137829589
SHA512: fee2fb36549cd2abe038e283db210b04ae60246aa1b2e283c1a0b28f1f5d4b94e79a7b4688b473c9762a056300b64f21b7495de84984cbc340b8560d2daa0bb9
SSDEEP: 24576:/yO9fbHUSnvsLrM+H1qljIDx0pzVTuUFcf5B+eGr/FUQrx16XPIxJbhBV2OAsP:KO0svarM+H5DCBu4ixGr/yGRxlhBV5
Static task: static1

Behavioral task: behavioral1
Sample: f04fa749dcf49685eda7f0bbcdf18b8441d4e078f72e943927435ef137829589.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted: redline
Botnet: maxbi
C2: 185.161.248.73:4164
auth_value: 6aa7dba884fe45693dfa04c91440daef

Extracted: redline
Botnet: gena
C2: 185.161.248.73:4164
auth_value: d05bf43eef533e262271449829751d07
Targets

Target: f04fa749dcf49685eda7f0bbcdf18b8441d4e078f72e943927435ef137829589
Size: 1.5MB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to those listed under General above.
Signatures

- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software installed on the system.