Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
3f5bb3fc080ece9c6f87004c4f0b052a.bin
-
Size
316KB
-
Sample
230831-bqnchscb66
-
MD5
239993c4d03a484f72cd9273f58073e6
-
SHA1
dd19f1f05c7a495b0fbab5d49be3566de78313d8
-
SHA256
877295a024136906d601c165783186d49b1d175b81a6caa99851eee3e35486c8
-
SHA512
0d5c9b9bbeba115a568354ceeba28f813d7ad91bea7886dd7419df4aa30a3fdbc8554a2fa9e6221e819a1fed709f7f77315a3d9363c46db8b82b1e0e6a7c57cb
-
SSDEEP
6144:uFyx4iKJ+FWIZPQZrIK2/DePLGyTfLH0sVAojOSEOcKrT5yNGPvcBQXVy:uJnBZUKHLGMzUiA2Oud08I
Static task
static1
Behavioral task
behavioral1
Sample
e1c5d328eaf0228e5d1ae9bf8ef3d6bf734f88dfb411cb5afa25d15f1f023ab0.exe
Resource
win7-20230824-en
Behavioral task
behavioral2
Sample
e1c5d328eaf0228e5d1ae9bf8ef3d6bf734f88dfb411cb5afa25d15f1f023ab0.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
redline
1149276168_99
https://pastebin.com/raw/8baCJyMF
Targets
-
-
Target
e1c5d328eaf0228e5d1ae9bf8ef3d6bf734f88dfb411cb5afa25d15f1f023ab0.exe
-
Size
482KB
-
MD5
3f5bb3fc080ece9c6f87004c4f0b052a
-
SHA1
286da433d2ab965c7ac94a9ab8838ed74c5e5ee3
-
SHA256
e1c5d328eaf0228e5d1ae9bf8ef3d6bf734f88dfb411cb5afa25d15f1f023ab0
-
SHA512
3dc0489ced9d15d485d0bf3a2c007841238691705e73e1d8a0549ec09e2b9e66488d953207c81cfea2ba1171d61a512a10c3f2bada8c5febdf2155f0c6c792a3
-
SSDEEP
12288:qubsNSOetfARQAPyGUfT+tkrhWJNOnMv77:qubsnafAPyjZrgnv77
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-