General
- Target: 7cd74cc15ea82152d9213c7a190f881ac6b9bb47429d7d1819276d10df098784
- Size: 492KB
- Sample: 230506-rlg8pshe57
- MD5: d4d6a3534bc863b09a40371057bbd90d
- SHA1: e62075e240f1b428883886b70db9336582a1c8f6
- SHA256: 7cd74cc15ea82152d9213c7a190f881ac6b9bb47429d7d1819276d10df098784
- SHA512: b640e83e5222ec51af5dde77998a792334342a50fe4ff1f0237cee3ecf9ca03637aec271e77ad75c32a08e4706cd13c7d037c848a7940794451a330b3ec33ff5
- SSDEEP: 12288:6MrCy90KjUi+gp6urlLyPZf8rxLvVvrJJ1:sy7qM6gOJ8ZVf1
Static task
- static1
Behavioral task
- behavioral1
- Sample: 7cd74cc15ea82152d9213c7a190f881ac6b9bb47429d7d1819276d10df098784.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- Botnet: luna
- C2: 217.196.96.101:4132
- auth_value: 3372be6f6fa192ff878fa6fe9be73f6e
Extracted: amadey
- Version: 3.70
- C2: 212.113.119.255/joomla/index.php
Targets
- Target: 7cd74cc15ea82152d9213c7a190f881ac6b9bb47429d7d1819276d10df098784
- Size: 492KB
- MD5: d4d6a3534bc863b09a40371057bbd90d
- SHA1: e62075e240f1b428883886b70db9336582a1c8f6
- SHA256: 7cd74cc15ea82152d9213c7a190f881ac6b9bb47429d7d1819276d10df098784
- SHA512: b640e83e5222ec51af5dde77998a792334342a50fe4ff1f0237cee3ecf9ca03637aec271e77ad75c32a08e4706cd13c7d037c848a7940794451a330b3ec33ff5
- SSDEEP: 12288:6MrCy90KjUi+gp6urlLyPZf8rxLvVvrJJ1:sy7qM6gOJ8ZVf1
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.