Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
13dd9ba22f3716dfc958a3e86ddbbc9c3115136688476386f8bf42f8bf7d5bb5
-
Size
753KB
-
Sample
230601-t2m51afc68
-
MD5
8fac869739d494422f6f6fb7dd76ca54
-
SHA1
4aa066e69b00afe7eb964482ece608d787e21576
-
SHA256
13dd9ba22f3716dfc958a3e86ddbbc9c3115136688476386f8bf42f8bf7d5bb5
-
SHA512
0ada800f99f28cb202bf3c8419ada408ecadf005ccae806301bacef292322f2dce058dea8275b186e849cda577aa81d044a2275d74593806d9b4b7c68a2477ec
-
SSDEEP
12288:jMrFy90D4umOQTXUDJbvPtU+Cck/OBeS4NqCOuNW6mwDOj/:yy5jrXUDJu+xkCeS2wuNW4+
Static task
static1
Behavioral task
behavioral1
Sample
13dd9ba22f3716dfc958a3e86ddbbc9c3115136688476386f8bf42f8bf7d5bb5.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
diza
83.97.73.127:19045
-
auth_value
0d09b419c8bc967f91c68be4a17e92ee
Extracted
redline
rocker
83.97.73.127:19045
-
auth_value
b4693c25843b5a1c7d63376e73e32dae
Targets
-
-
Target
13dd9ba22f3716dfc958a3e86ddbbc9c3115136688476386f8bf42f8bf7d5bb5
-
Size
753KB
-
MD5
8fac869739d494422f6f6fb7dd76ca54
-
SHA1
4aa066e69b00afe7eb964482ece608d787e21576
-
SHA256
13dd9ba22f3716dfc958a3e86ddbbc9c3115136688476386f8bf42f8bf7d5bb5
-
SHA512
0ada800f99f28cb202bf3c8419ada408ecadf005ccae806301bacef292322f2dce058dea8275b186e849cda577aa81d044a2275d74593806d9b4b7c68a2477ec
-
SSDEEP
12288:jMrFy90D4umOQTXUDJbvPtU+Cck/OBeS4NqCOuNW6mwDOj/:yy5jrXUDJu+xkCeS2wuNW4+
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-