General
Target: 8332afd2b2ceabb42843e429cff83e0ed7f2a693d6c62b9a3d5b845966745598
Size: 480KB
Sample: 230504-espvxahg67
MD5: 573ac023cd3132b29234b30d58c9e19b
SHA1: 033af447fe524326576bb119574636d1538f8835
SHA256: 8332afd2b2ceabb42843e429cff83e0ed7f2a693d6c62b9a3d5b845966745598
SHA512: ba548ae79d6438be3e78efb4cf15610a1828f03499daed061e1d767a32fa66bb92f2f0e14e6d2c75fd73a4714c798fa208f120887dab17c842b9d2dd1e8f8ecc
SSDEEP: 12288:eMray90wV3xe5eauoFSHxiJZBt4WgwgFJkN:AyjpxQ4vxqBIwg/q
Static task: static1
Behavioral task: behavioral1
Sample: 8332afd2b2ceabb42843e429cff83e0ed7f2a693d6c62b9a3d5b845966745598.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
redline
daris
217.196.96.56:4138
auth_value: 3491f24ae0250969cd45ce4b3fe77549
Targets
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.