Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
22efd7e40a5b2b0445ed874a5795f96a98f98c3cdc0ad10cf24e0fe2086b6e2d
-
Size
850KB
-
Sample
230502-lmdzsacd2y
-
MD5
c0ce2c4f24796cf99efce0d2f4d05ebc
-
SHA1
c956b06c8cd02be9afb293f02b05fef461c2454c
-
SHA256
22efd7e40a5b2b0445ed874a5795f96a98f98c3cdc0ad10cf24e0fe2086b6e2d
-
SHA512
403a97b83cf2462e3d46e611daf11d27aaecd5c06125e2007cda5e68f0ed37fd6d6aa1e61a807548ba0313932a3b50fd5ab2d19cb26b15d9a1d6222e8282ff39
-
SSDEEP
24576:PydjrE4HDN9IYdSoIm8PZ6Cc4aFwjwVLLZ4B:ad7fIib8a4KNLW
Static task
static1
Behavioral task
behavioral1
Sample
22efd7e40a5b2b0445ed874a5795f96a98f98c3cdc0ad10cf24e0fe2086b6e2d.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
gena
185.161.248.73:4164
-
auth_value
d05bf43eef533e262271449829751d07
Extracted
redline
dante
185.161.248.73:4164
-
auth_value
f4066af6b8a6f23125c8ee48288a3f90
Targets
-
-
Target
22efd7e40a5b2b0445ed874a5795f96a98f98c3cdc0ad10cf24e0fe2086b6e2d
-
Size
850KB
-
MD5
c0ce2c4f24796cf99efce0d2f4d05ebc
-
SHA1
c956b06c8cd02be9afb293f02b05fef461c2454c
-
SHA256
22efd7e40a5b2b0445ed874a5795f96a98f98c3cdc0ad10cf24e0fe2086b6e2d
-
SHA512
403a97b83cf2462e3d46e611daf11d27aaecd5c06125e2007cda5e68f0ed37fd6d6aa1e61a807548ba0313932a3b50fd5ab2d19cb26b15d9a1d6222e8282ff39
-
SSDEEP
24576:PydjrE4HDN9IYdSoIm8PZ6Cc4aFwjwVLLZ4B:ad7fIib8a4KNLW
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-