Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
f5fd03761de3f97fa947a41600ce439f3a3ceb319fe310c38812a722a2b30ba5
-
Size
587KB
-
Sample
230504-jrartacf8x
-
MD5
53fbce78f80838f397e3ceb60cbe9f13
-
SHA1
a01e83220a4108df5919ae24f72bfe1f1e60fec6
-
SHA256
f5fd03761de3f97fa947a41600ce439f3a3ceb319fe310c38812a722a2b30ba5
-
SHA512
ea0b023a0b244bef57854ece6f5918a56c18123b60116607af52913ae028adb66878a1b6316cde291eb5484d76119b94660be05d345fd5c2707b9d3360e90dc9
-
SSDEEP
12288:uMrMy90IPcJNEtklr4Hah8Ffmaanw84o+2+wLY1l3C+Tyh:SyxWy6hgufw84BdwLuly+Tyh
Static task
static1
Behavioral task
behavioral1
Sample
f5fd03761de3f97fa947a41600ce439f3a3ceb319fe310c38812a722a2b30ba5.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
daris
217.196.96.56:4138
-
auth_value
3491f24ae0250969cd45ce4b3fe77549
Targets
-
-
Target
f5fd03761de3f97fa947a41600ce439f3a3ceb319fe310c38812a722a2b30ba5
-
Size
587KB
-
MD5
53fbce78f80838f397e3ceb60cbe9f13
-
SHA1
a01e83220a4108df5919ae24f72bfe1f1e60fec6
-
SHA256
f5fd03761de3f97fa947a41600ce439f3a3ceb319fe310c38812a722a2b30ba5
-
SHA512
ea0b023a0b244bef57854ece6f5918a56c18123b60116607af52913ae028adb66878a1b6316cde291eb5484d76119b94660be05d345fd5c2707b9d3360e90dc9
-
SSDEEP
12288:uMrMy90IPcJNEtklr4Hah8Ffmaanw84o+2+wLY1l3C+Tyh:SyxWy6hgufw84BdwLuly+Tyh
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-