General
- Target: df15a783d2a45663daffc435c6aef0e6dc03ad3bbcb40f0eb1bbdece7c85667e
- Size: 142KB
- Sample: 240417-rge8jscf6s
- MD5: 31306dbf39262d94adb55e723838792f
- SHA1: 9e93dfc99a15da4ebc5aa5bac2c15e2d14b95d84
- SHA256: df15a783d2a45663daffc435c6aef0e6dc03ad3bbcb40f0eb1bbdece7c85667e
- SHA512: 985b94cda0bdfafe50afed06f4479548bee45bc7e80f510034197d5b1785445a881835f8e978ec10ffb30a076906feddb949032f552eb6dce08e8de8314c1fe5
- SSDEEP: 3072:3OJ+2FXl16Ab2iXTz3vdEvuWvEWsn+Ry6TDjnnQgRR0zzHImleNXdGVD6oYLu:+J+2Jl4LiX33VEmWv1DJ/p0zzvwzG0Xy
Static task: static1
Behavioral task: behavioral1
- Sample: 8a4620c027661d01fe46cc055f621000b7e6bb681c159e58cc0d59c681e06433.exe
- Resource: win7-20240221-en
Malware Config
Extracted
- Family: redline
- Botnet: 23/02
- C2: 65.108.20.226:37715
Targets
- Target: 8a4620c027661d01fe46cc055f621000b7e6bb681c159e58cc0d59c681e06433.exe
- Size: 508KB
- MD5: 53706e505c74b5bbcfb4165ee39b563b
- SHA1: 9dc6a144f057d456aeeb7c32f274e440c24d8723
- SHA256: 8a4620c027661d01fe46cc055f621000b7e6bb681c159e58cc0d59c681e06433
- SHA512: 48a7c29d4387a6bf46327564b6f31f8c9f56f497698e7a0aa7a0cb85db2142271d40005dcfac69a914c3628f320af3087f3d9a328c521136b8f565239175584a
- SSDEEP: 12288:rfjrKrGQ79tHMSv/giv/MOoEtzXtOGf4CXYyV:URbx
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
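A worked example of turning this report into detection logic, added here by the editor and not code from tria.ge or from the sample: it matches constructed sandbox-style registry and network events against the C2 extracted from the malware config above and against the two registry behaviours in the signature list (country-code lookup and Uninstall enumeration). The event shape, the registry paths (HKCU\Control Panel\International\Geo\Nation for the country code, the CurrentVersion\Uninstall subkeys for installed software), the sample events and the three-subkey threshold are assumptions for the example, not facts taken from the report.

```python
"""Match sandbox-style events against the RedLine report above.

Added example (editor's code, not tria.ge's): event shape, registry paths and
the constructed events are assumptions; the C2 indicator comes from the report.
"""
import re
from dataclasses import dataclass

# Indicator taken from the extracted RedLine config in the report.
C2_HOST, C2_PORT = "65.108.20.226", 37715

# Assumed registry locations behind the two listed behaviours (not from the report).
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\(Nation|Name)$", re.I)
UNINSTALL_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)

# Reading a few Uninstall subkeys is normal for installers; enumeration means many.
UNINSTALL_ENUM_THRESHOLD = 3  # assumed threshold for this example


@dataclass
class Event:
    """Minimal sandbox event: kind is 'registry' or 'network' (assumed schema)."""
    kind: str
    pid: int
    image: str
    target: str = ""      # registry key path, for registry events
    dst_ip: str = ""      # destination, for network events
    dst_port: int = 0


def classify(events):
    """Return {signature_name: sorted list of pids} for the detectable signatures."""
    hits = {}
    uninstall_seen = {}   # pid -> set of distinct Uninstall subkeys read
    for e in events:
        if e.kind == "registry":
            if GEO_KEY_RE.search(e.target):
                hits.setdefault("Checks computer location settings", set()).add(e.pid)
            elif UNINSTALL_KEY_RE.search(e.target):
                uninstall_seen.setdefault(e.pid, set()).add(e.target)
        elif e.kind == "network":
            if e.dst_ip == C2_HOST and e.dst_port == C2_PORT:
                hits.setdefault("RedLine C2 connection", set()).add(e.pid)
    # Only flag processes that walked several Uninstall subkeys, not a single lookup.
    for pid, keys in uninstall_seen.items():
        if len(keys) >= UNINSTALL_ENUM_THRESHOLD:
            hits.setdefault("Checks installed software on the system", set()).add(pid)
    return {name: sorted(pids) for name, pids in hits.items()}


# Constructed events for the example: pid 1234 plays the sample, pid 2000 is a
# benign installer that touches one Uninstall subkey. Paths are assumed, not logged.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\8a4620c0.exe"
SAMPLE_EVENTS = [
    Event("registry", 1234, SAMPLE, target=r"HKCU\Control Panel\International\Geo\Nation"),
    Event("registry", 1234, SAMPLE, target=r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    Event("registry", 1234, SAMPLE, target=r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"),
    Event("registry", 1234, SAMPLE, target=r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Discord"),
    Event("registry", 2000, r"C:\Windows\System32\msiexec.exe",
          target=r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ABCD-1234}"),
    Event("network", 1234, SAMPLE, dst_ip="8.8.8.8", dst_port=53),
    Event("network", 1234, SAMPLE, dst_ip=C2_HOST, dst_port=C2_PORT),
]

if __name__ == "__main__":
    for name, pids in classify(SAMPLE_EVENTS).items():
        print(f"{name}: pids {pids}")
```

The threshold on distinct Uninstall subkeys is the design choice worth noting: the sandbox signature fires on any Uninstall lookup because the sample is already known bad, but on a production endpoint a single read of that key is routine, so a detection keyed on the behaviour rather than the hash should count the breadth of the enumeration per process. The C2 match is exact on IP and port because that is all the extracted config provides; both will rotate, so treat it as a short-lived indicator.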