General
- Target: b0c80947d4afd368646feffc884715483a8e95af8fc47615ba9af0a36d1a9237
- Size: 1.3MB
- Sample: 230504-n471asdh9s
- MD5: b4914d967f4489b22b3431e759f86dae
- SHA1: 59454698610cb031164d9f570b91d93f77082571
- SHA256: b0c80947d4afd368646feffc884715483a8e95af8fc47615ba9af0a36d1a9237
- SHA512: 6d26d85011313c88b213e1bb2c396cb2af436a6359100e8972bccd6eb537869b013ca3467deaac7fac3acf4f17d8de3b73d541da5b3f8b99d47ed7d973621b9e
- SSDEEP: 24576:KyKujagaCexYK0IzrIDHfJqDAOcfVajTo3212a6Vl11ms+ii7F:RKubjy0Is6A9fV+u21gx11+t
Static task: static1
Behavioral task: behavioral1
- Sample: b0c80947d4afd368646feffc884715483a8e95af8fc47615ba9af0a36d1a9237.exe
- Resource: win10-20230220-en
Malware Config
Extracted: redline
- Botnet: boom
- C2: 217.196.96.56:4138
- auth_value: 1ce6aebe15bac07a7bc88b114bc49335
Extracted: amadey
- Version: 3.70
- C2: 212.113.119.255/joomla/index.php
Targets
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.