General
Target: ebde60210d709f94cd3049159931e37d4ce84d9e8ea9b464cdfe76de3735f007.exe
Size: 876KB
Sample: 240501-chr66sff44
MD5: 44cda0c89226270d6ea6d3e4fce68247
SHA1: f812847510b41244da3cedc928ac805154872ae0
SHA256: ebde60210d709f94cd3049159931e37d4ce84d9e8ea9b464cdfe76de3735f007
SHA512: 958f24388469963c2a3cde1a9e557d9fff87a8f024788b3ec88a9462b7433185cef8ef0af2196b5945ed6611ca4a7bd889adb670ee545c81748fbfdc3da415fc
SSDEEP: 24576:2NaQetypa7reXTnhUDhKPQrEC/55g4RwmwZaJw3rJy3:moreXLaAPiR/RwhZaG39M
Static task: static1
Behavioral task: behavioral1
Sample: ebde60210d709f94cd3049159931e37d4ce84d9e8ea9b464cdfe76de3735f007.exe
Resource: win7-20240221-en
Malware Config
Extracted: redline
new
91.92.249.182:34419
Targets
Target: ebde60210d709f94cd3049159931e37d4ce84d9e8ea9b464cdfe76de3735f007.exe
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.