General

Target: 80ec921ab70600f8214f19be8afc2833fef6a29d6d9bc625e6296204dec649bc_JC.exe
Size: 1.4MB
Sample: 231001-y2axwseg82
MD5: eeb8a6c6433dd3b3b1dba0f9b41b74ed
SHA1: f11c21d49622c6b9f1fa1c2bbc7489d0eb1168fa
SHA256: 80ec921ab70600f8214f19be8afc2833fef6a29d6d9bc625e6296204dec649bc
SHA512: 839cafd0f1a911cb8e2add7a5ad3c62b7a9409551d98d5a5ab9845df9bc4c1f3559d58de32a138475e0354810361f825c795c43de3652ce485b4465428d08e63
SSDEEP: 24576:9+yzyicBpqoZTgVifptq6PQMS9J41x9b9H:9SBpqoZTgY1PdSr4vVB
Static task: static1

Behavioral task: behavioral1
Sample: 80ec921ab70600f8214f19be8afc2833fef6a29d6d9bc625e6296204dec649bc_JC.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: 80ec921ab70600f8214f19be8afc2833fef6a29d6d9bc625e6296204dec649bc_JC.exe
Resource: win10v2004-20230915-en
Malware Config

Extracted family: redline
Botnet: @oleh_ps
C2: 176.123.4.46:33783
auth_value: 94ecdfa2eb126d66ce500353b2fa9112
Targets

Target: 80ec921ab70600f8214f19be8afc2833fef6a29d6d9bc625e6296204dec649bc_JC.exe
Size: 1.4MB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above (same file)
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020. It is sold as a service and harvests browser credentials, cookies and cryptocurrency wallet data, which it sends to the host:port pair carried in its configuration (here 176.123.4.46:33783).

Signatures:
- Uses the VBS compiler for execution: the sample launches vbc.exe, the Visual Basic .NET compiler shipped with the .NET Framework (not Windows Script Host, despite the "VBS" wording). Outside a software build, almost nothing starts this binary, so a vbc.exe child of an unknown executable is worth hunting for.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext: changing another process's thread context is the final step of process hollowing, in which a suspended process has its image replaced and its entry point redirected before the thread is resumed. Read together with the vbc.exe launch, it indicates the stealer body runs inside a hollowed compiler process. On its own the call is weak evidence, since debuggers and some protectors use it legitimately.
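The script below is an added example, not tria.ge's code and not anything recovered from the sample. It turns the indicators in this report into a small hunt over constructed telemetry: connections to the C2 endpoint from the Malware Config, files matching the sample's SHA256, and vbc.exe spawned by a parent that is not a build tool, which is what the "VBS compiler" and SetThreadContext signatures point at when read together. The CSV layouts, the Sysmon-style event field names, the hostnames and the EXPECTED_VBC_PARENTS allow-list are all assumptions for illustration.

```python
"""Hunt for the indicators in this tria.ge report (added example, not code
from tria.ge or from the sample). Scans constructed telemetry for the
extracted C2 176.123.4.46:33783, for files matching the sample's SHA256, and
for vbc.exe spawned by a non-build-tool parent (the hollowing pattern behind
the "VBS compiler" and SetThreadContext signatures). CSV layouts, event field
names and EXPECTED_VBC_PARENTS are assumptions for illustration."""
from __future__ import annotations

import ntpath
from dataclasses import dataclass
from typing import Iterable

C2_ENDPOINTS = {("176.123.4.46", 33783)}  # from the extracted RedLine config
C2_IPS = {ip for ip, _ in C2_ENDPOINTS}
SAMPLE_SHA256 = "80ec921ab70600f8214f19be8afc2833fef6a29d6d9bc625e6296204dec649bc"
EXPECTED_VBC_PARENTS = {"msbuild.exe", "devenv.exe", "vbcscompiler.exe"}  # assumption


@dataclass(frozen=True)
class Finding:
    kind: str
    host: str
    detail: str


def _rows(lines: Iterable[str]) -> Iterable[list[str]]:
    # Comma-split rows, skipping blank lines and '#' comments.
    for line in lines:
        line = line.strip()
        if line and not line.startswith("#"):
            yield [f.strip() for f in line.split(",")]


def scan_network(lines: Iterable[str]) -> list[Finding]:
    """Rows: host,src_ip,dst_ip,dst_port. Exact endpoint beats IP-only."""
    hits = []
    for host, _src, dst, port in _rows(lines):
        if (dst, int(port)) in C2_ENDPOINTS:
            hits.append(Finding("c2_connection", host, f"{dst}:{port}"))
        elif dst in C2_IPS:  # same server, other port: lower confidence
            hits.append(Finding("c2_ip_only", host, f"{dst}:{port}"))
    return hits


def scan_files(lines: Iterable[str]) -> list[Finding]:
    """Rows: host,path,sha256. Hash compare is case-insensitive."""
    return [Finding("sample_hash", host, path)
            for host, path, digest in _rows(lines)
            if digest.lower() == SAMPLE_SHA256]


def scan_processes(events: Iterable[dict]) -> list[Finding]:
    """Sysmon EID 1-style dicts. A dropper hollowing vbc.exe starts it
    itself; MSBuild/Visual Studio starting the compiler is the benign case."""
    hits = []
    for ev in events:
        image = ntpath.basename(ev.get("Image", "")).lower()
        parent = ntpath.basename(ev.get("ParentImage", "")).lower()
        if image == "vbc.exe" and parent not in EXPECTED_VBC_PARENTS:
            detail = f"parent={parent} cmdline={ev.get('CommandLine', '')}"
            hits.append(Finding("vbc_hollowing_candidate", ev.get("Computer", "?"), detail))
    return hits


def hunt(net_lines, file_lines, proc_events) -> list[Finding]:
    return scan_network(net_lines) + scan_files(file_lines) + scan_processes(proc_events)


def correlate(findings: Iterable[Finding]) -> dict[str, set[str]]:
    """host -> kinds seen; several kinds on one host raises confidence."""
    by_host: dict[str, set[str]] = {}
    for f in findings:
        by_host.setdefault(f.host, set()).add(f.kind)
    return by_host


# Constructed telemetry for the demo, not real logs.
NET_LOG = [
    "# host,src_ip,dst_ip,dst_port",
    "WS-0142,10.0.5.23,176.123.4.46,33783",
    "WS-0142,10.0.5.23,142.250.74.36,443",
    "WS-0207,10.0.5.88,176.123.4.46,443",
]
FILE_INVENTORY = [
    r"WS-0142,C:\Users\alice\Downloads\invoice.exe," + SAMPLE_SHA256.upper(),
    r"WS-0300,C:\Windows\System32\notepad.exe," + "0" * 64,
]
PROCESS_EVENTS = [
    {"Computer": "WS-0142", "ParentImage": r"C:\Users\alice\Downloads\invoice.exe",
     "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "CommandLine": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"'},
    {"Computer": "BUILD-01", "ParentImage": r"C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\MSBuild.exe",
     "Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe",
     "CommandLine": r'vbc.exe /noconfig @"C:\build\obj\Release\app.rsp"'},
]

if __name__ == "__main__":
    found = hunt(NET_LOG, FILE_INVENTORY, PROCESS_EVENTS)
    for f in found:
        print(f)
    print(correlate(found))
```

On the constructed data, WS-0142 accumulates three indicator kinds (the exact C2 connection, the sample hash and a vbc.exe child of a downloaded executable), which is the host to triage first; WS-0207 only talked to the C2 address on a different port and gets the lower-confidence kind. The hash match is the weakest of the three in practice because every RedLine build differs, and the C2 address rotates, so the process-tree heuristic is the indicator that survives longest.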