General
- Target: SoftWare(2).exe
- Size: 840KB
- Sample: 240514-ncsrasdb7v
- MD5: 178247452a0628dbce6775856b60b8e1
- SHA1: 1b42237189d9cb387289e5855e944b6ce51fa196
- SHA256: 688e9194015474b2c60e05675236295677fbde46e4e471f3048ce1c5f9ed1c12
- SHA512: c21c4422f701667c5a14dc5bc1f5bcabbecc3e9c69b04e4d03c010290abc50b469791e117c9a2f1d81bb52d81684cafa32c2bc454e880bedff8ed621f8bdb3a6
- SSDEEP: 12288:NM9nSH9BVtFceGDLlxp7zsd9WqdkMX8run2b5518ycw8ctT1U5pRU0PnDQ0gKgw8:NK+/tFceG/Xp7zsWqGQ+bj
Static task
- static1
Behavioral tasks
- behavioral1: Sample SoftWare(2).exe, Resource win7-20240215-en
- behavioral2: Sample SoftWare(2).exe, Resource win10v2004-20240508-en
Malware Config
- Extracted family: redline
- Extracted address: 194.26.232.43:20746
Targets
- Target: SoftWare(2).exe
- Size: 840KB
- MD5: 178247452a0628dbce6775856b60b8e1
- SHA1: 1b42237189d9cb387289e5855e944b6ce51fa196
- SHA256: 688e9194015474b2c60e05675236295677fbde46e4e471f3048ce1c5f9ed1c12
- SHA512: c21c4422f701667c5a14dc5bc1f5bcabbecc3e9c69b04e4d03c010290abc50b469791e117c9a2f1d81bb52d81684cafa32c2bc454e880bedff8ed621f8bdb3a6
- SSDEEP: 12288:NM9nSH9BVtFceGDLlxp7zsd9WqdkMX8run2b5518ycw8ctT1U5pRU0PnDQ0gKgw8:NK+/tFceG/Xp7zsWqGQ+bj
- Score: 10/10
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext