General
Target: 7006809047ce322deebfb144591138ef824be01cfe7e7c1623dd078255029b0e
Size: 785KB
Sample: 230602-h5ga3sad32 (tria.ge analysis ID)
MD5: 306dccc3247c3cd7de88a58383a86c7d
SHA1: bfacb22c29de0e36465fe7f9fac434a72c3f4316
SHA256: 7006809047ce322deebfb144591138ef824be01cfe7e7c1623dd078255029b0e
SHA512: 73a3097c26e28e680ee5046e8c8b54f08bd053da652de0ffc5a44bb9a1341d4a6a2133bab2253c563bee84c1da43e318d9fbf677836cc9ceeb3483b56ecfb0c2
SSDEEP: 12288:HMrdy90ZdeFgf06XUiYEOe3GQyfiYWhGYVuwUylytjybak/x8mxcVuTAwqs3xHS2:+ysVYEOe3gfGVXUylylybak/+ViyQ9
Static task: static1
Behavioral task: behavioral1
Sample: 7006809047ce322deebfb144591138ef824be01cfe7e7c1623dd078255029b0e.exe
Resource: win10-20230220-en
Malware Config
Extracted
Family: redline
Botnet: mars
C2: 83.97.73.127:19045
auth_value: 91bd3682cfb50cdc64b6009eb977b766

Extracted
Family: redline
Botnet: grom
C2: 83.97.73.127:19045
auth_value: 2193aac8692a5e1ec66d9db9fa25ee00

Both extracted configurations point at the same C2 endpoint (83.97.73.127:19045) and differ only in botnet ID and auth_value, so a single network indicator covers both payloads while the auth_value strings distinguish them in the C2 exchange.
Targets
Target: 7006809047ce322deebfb144591138ef824be01cfe7e7c1623dd078255029b0e
Size: 785KB
MD5: 306dccc3247c3cd7de88a58383a86c7d
SHA1: bfacb22c29de0e36465fe7f9fac434a72c3f4316
SHA256: 7006809047ce322deebfb144591138ef824be01cfe7e7c1623dd078255029b0e
SHA512: 73a3097c26e28e680ee5046e8c8b54f08bd053da652de0ffc5a44bb9a1341d4a6a2133bab2253c563bee84c1da43e318d9fbf677836cc9ceeb3483b56ecfb0c2
SSDEEP: 12288:HMrdy90ZdeFgf06XUiYEOe3GQyfiYWhGYVuwUylytjybak/x8mxcVuTAwqs3xHS2:+ysVYEOe3gfGVXUylylybak/+ViyQ9

Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext: the sandbox flags the thread-context manipulation itself; the call is commonly seen when a loader redirects execution inside a suspended process, but the report does not identify the injection technique.
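To make the extracted configuration and the signatures above checkable on a host, here is an added example (not part of the tria.ge report and not RedLine's own code) that evaluates Sysmon-style process, network and registry events against the report's indicators: the sample hashes, the C2 endpoint 83.97.73.127:19045 shared by the mars and grom configs, an executable started from a user-writable directory by another user-writable binary (a heuristic stand-in for "Executes dropped EXE"), and a value written under a Run key. The event lines and their `key=value|...` layout, the user profile paths, the SID and the benign processes are constructed for illustration. Sysmon does not record registry reads, so the Uninstall-key enumeration is not matched here, and the SetThreadContext call is left out because the report records only the API call, not a specific injection pattern.

```python
"""Match constructed Sysmon-style telemetry against the indicators in this report.

Added example: not part of the tria.ge report and not RedLine code. Only the hashes,
the C2 endpoint and the signature names come from the report; the event lines,
paths, SID and benign processes below are constructed for illustration.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Indicators from the report: sample hashes and the C2 shared by the "mars" and "grom" configs.
IOC_SHA256 = "7006809047ce322deebfb144591138ef824be01cfe7e7c1623dd078255029b0e"
IOC_MD5 = "306dccc3247c3cd7de88a58383a86c7d"
IOC_C2 = ("83.97.73.127", 19045)

# Sysmon Event 13 TargetObject whose last component is a value under a Run/RunOnce key.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE)
# Heuristic stand-in for "dropped": an executable under a user-writable profile directory.
USER_WRITABLE_RE = re.compile(r"^C:\\Users\\[^\\]+\\(AppData|Downloads)\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    event_id: int
    rule: str
    detail: str


def parse_event(line: str) -> dict:
    """Parse one constructed 'key=value|key=value' event line into a dict."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    fields["EventID"] = int(fields["EventID"])
    return fields


def parse_hashes(field: str) -> dict:
    """Sysmon 'Hashes' field ('MD5=...,SHA256=...') -> {ALGO: lower-case digest}."""
    hashes = {}
    for item in field.split(","):
        algo, _, digest = item.partition("=")
        if digest:
            hashes[algo.strip().upper()] = digest.strip().lower()
    return hashes


def evaluate(event: dict) -> list:
    """Return the report signatures/IOCs that one event matches."""
    eid, image = event["EventID"], event.get("Image", "")
    findings = []
    if eid == 1:  # process creation
        hashes = parse_hashes(event.get("Hashes", ""))
        if hashes.get("SHA256") == IOC_SHA256 or hashes.get("MD5") == IOC_MD5:
            findings.append(Finding(eid, "Known RedLine sample (hash match)", image))
        parent = event.get("ParentImage", "")
        if USER_WRITABLE_RE.match(image) and USER_WRITABLE_RE.match(parent):
            findings.append(Finding(eid, "Executes dropped EXE", f"{parent} -> {image}"))
    elif eid == 3:  # network connection
        dest = (event.get("DestinationIp", ""), int(event.get("DestinationPort", 0)))
        if dest == IOC_C2:
            findings.append(Finding(eid, "RedLine C2 traffic", f"{image} -> {dest[0]}:{dest[1]}"))
    elif eid == 13:  # registry value set
        target = event.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            findings.append(Finding(eid, "Adds Run key to start application",
                                    f"{target} = {event.get('Details', '')}"))
    return findings


def scan(lines) -> list:
    """Evaluate every line, preserving event order."""
    return [finding for line in lines for finding in evaluate(parse_event(line))]


def summarize(findings) -> dict:
    """Count findings per rule for a triage summary."""
    return dict(Counter(finding.rule for finding in findings))


# Constructed paths: the file name is the report's, the profile and second-stage path are not.
SAMPLE = r"C:\Users\user\Downloads\7006809047ce322deebfb144591138ef824be01cfe7e7c1623dd078255029b0e.exe"
STAGE = r"C:\Users\user\AppData\Local\Temp\stage.exe"

# Constructed telemetry: four events that should match and three benign ones that should not.
EVENTS = [
    f"EventID=1|Image={SAMPLE}|ParentImage=C:\\Windows\\explorer.exe"
    f"|Hashes=MD5={IOC_MD5.upper()},SHA256={IOC_SHA256.upper()}",
    f"EventID=1|Image={STAGE}|ParentImage={SAMPLE}|Hashes=MD5=deadbeef,SHA256=deadbeef",
    f"EventID=3|Image={STAGE}|DestinationIp=83.97.73.127|DestinationPort=19045",
    f"EventID=13|Image={STAGE}|TargetObject=HKU\\S-1-5-21-1000\\Software\\Microsoft\\Windows"
    f"\\CurrentVersion\\Run\\stage|Details={STAGE}",
    "EventID=3|Image=C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
    "|DestinationIp=8.8.8.8|DestinationPort=53",
    "EventID=13|Image=C:\\Windows\\System32\\svchost.exe"
    "|TargetObject=HKLM\\SYSTEM\\CurrentControlSet\\Services\\W32Time\\Parameters\\Type|Details=NTP",
    "EventID=1|Image=C:\\Windows\\System32\\notepad.exe|ParentImage=C:\\Windows\\explorer.exe"
    "|Hashes=MD5=deadbeef,SHA256=deadbeef",
]

if __name__ == "__main__":
    for finding in scan(EVENTS):
        print(f"[Event {finding.event_id}] {finding.rule}: {finding.detail}")
    print(summarize(scan(EVENTS)))
```

Run it directly to print the four findings and a per-rule count. In practice the indicator constants would come from the sandbox export or a feed and the events from a SIEM query; the auth_value strings are deliberately not matched, since they appear in the C2 protocol exchange rather than in host telemetry.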