General
- Target: 3bb9309ea01e24598cb555b871c272ca66c4aee40add0d7414da7cd0a6f95c8a
- Size: 777KB
- Sample: 230604-mwv54ace4v
- MD5: e83bd758975210ec7c2520130ad3f2f5
- SHA1: b901b562247d7e3b23009c0fe3d15fab27ac15bf
- SHA256: 3bb9309ea01e24598cb555b871c272ca66c4aee40add0d7414da7cd0a6f95c8a
- SHA512: 876d20254b0a03f11f6de8d2ee2e2219e143c7ef174009d195743898b64e96d8d42d551af3617fd347b4d811d7787c876fab3e22b1f3e318ed4ffc5432278df4
- SSDEEP: 12288:qMr+y90th0ra/0X8KznOPDbL42qlk5ERKhBjjS+2fOk2gPxDPAO6sADtCI:4ydasMKzOz42qlGNjSzRZ8OG9
Static task: static1
Behavioral task: behavioral1
- Sample: 3bb9309ea01e24598cb555b871c272ca66c4aee40add0d7414da7cd0a6f95c8a.exe
- Resource: win10-20230220-en
Malware Config
Extracted: redline
- dusa
- 83.97.73.126:19046
- auth_value: ee896466545fedf9de5406175fb82de5
Extracted: redline
- brain
- 83.97.73.126:19046
- auth_value: 5fb8269baadec0c49899b9a7a0c8851f
Targets
- Target: 3bb9309ea01e24598cb555b871c272ca66c4aee40add0d7414da7cd0a6f95c8a
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext