Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
a4e7c7792d342c4e4e8a147ba01f8c8d630848086b20d8e35c24d6200fd0335d
-
Size
587KB
-
Sample
230504-f628tsaa98
-
MD5
79d84d5750d8252894b780a4e867141a
-
SHA1
844efbaed71b72dad37b71b00e7130e2c327d5d0
-
SHA256
a4e7c7792d342c4e4e8a147ba01f8c8d630848086b20d8e35c24d6200fd0335d
-
SHA512
09fbd3750bbc5fe9bc93bcc29a1877be312004d29eb455d44ca327cc2b59d2c8b15674702f94fce43dc80179a0e495244e851136101c0a3fc710f43309155529
-
SSDEEP
12288:1Mr6y90uTfzO1L+GbhyL5UzhEMr0fyNReqZIFoWcDbJo:by97OL+qhy9UzmUduq8Co
Static task
static1
Behavioral task
behavioral1
Sample
a4e7c7792d342c4e4e8a147ba01f8c8d630848086b20d8e35c24d6200fd0335d.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
daris
217.196.96.56:4138
-
auth_value
3491f24ae0250969cd45ce4b3fe77549
Targets
-
-
Target
a4e7c7792d342c4e4e8a147ba01f8c8d630848086b20d8e35c24d6200fd0335d
-
Size
587KB
-
MD5
79d84d5750d8252894b780a4e867141a
-
SHA1
844efbaed71b72dad37b71b00e7130e2c327d5d0
-
SHA256
a4e7c7792d342c4e4e8a147ba01f8c8d630848086b20d8e35c24d6200fd0335d
-
SHA512
09fbd3750bbc5fe9bc93bcc29a1877be312004d29eb455d44ca327cc2b59d2c8b15674702f94fce43dc80179a0e495244e851136101c0a3fc710f43309155529
-
SSDEEP
12288:1Mr6y90uTfzO1L+GbhyL5UzhEMr0fyNReqZIFoWcDbJo:by97OL+qhy9UzmUduq8Co
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-