Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
e296a0f2a5d3da9596971bb3aedbca617498216647a3677ee49a68a09953a841
-
Size
490KB
-
Sample
230510-bks1tafe6x
-
MD5
f19db1e1ba7eca01ce0231741775fcf9
-
SHA1
e81388a99c1b9f733aa92c17e1e76445c298e571
-
SHA256
e296a0f2a5d3da9596971bb3aedbca617498216647a3677ee49a68a09953a841
-
SHA512
bce53b7ea48697ce249d0f5af60683cc1fae2d36100947518963e37c7e4f3f6c141ec2a247b41cc1e09e66255ad68cc617b41828c0f77a8a5d07447a6fc475b9
-
SSDEEP
12288:fMriy90ucCr6BVx4Fq4m8PCMOUh4SaT8KO5Iww:JyN6BnT4LLmO5Pw
Static task
static1
Behavioral task
behavioral1
Sample
e296a0f2a5d3da9596971bb3aedbca617498216647a3677ee49a68a09953a841.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
lurfa
217.196.96.102:4132
-
auth_value
f6c26c2a5c6c25ae5b2e9abf31f6341d
Extracted
amadey
3.70
212.113.119.255/joomla/index.php
Extracted
vidar
3.8
fc67c63025837fde307ba18d95f5f729
https://steamcommunity.com/profiles/76561198272578552
https://t.me/libpcre
-
profile_id_v2
fc67c63025837fde307ba18d95f5f729
-
user_agent
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Vivaldi/3.7
Targets
-
-
Target
e296a0f2a5d3da9596971bb3aedbca617498216647a3677ee49a68a09953a841
-
Size
490KB
-
MD5
f19db1e1ba7eca01ce0231741775fcf9
-
SHA1
e81388a99c1b9f733aa92c17e1e76445c298e571
-
SHA256
e296a0f2a5d3da9596971bb3aedbca617498216647a3677ee49a68a09953a841
-
SHA512
bce53b7ea48697ce249d0f5af60683cc1fae2d36100947518963e37c7e4f3f6c141ec2a247b41cc1e09e66255ad68cc617b41828c0f77a8a5d07447a6fc475b9
-
SSDEEP
12288:fMriy90ucCr6BVx4Fq4m8PCMOUh4SaT8KO5Iww:JyN6BnT4LLmO5Pw
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-