General

Target: 97987529709f79fe20cb8aa341b7ef61f8d3dffd707a6397f0f9be925236381f
Size: 338KB
Sample: 240715-cx6ccawfmh
MD5: 777cf4edb5d4249ec3e16550c16cf432
SHA1: 557c3a100562d7a99d9735bff7cac5f9305d97c8
SHA256: 97987529709f79fe20cb8aa341b7ef61f8d3dffd707a6397f0f9be925236381f
SHA512: 6e3f1e6e43eb565eb49f361ee0bf218e2e1d32fe66ba26693fc6766104db6e5e8df13ebe674156ecc2b3bfc3c46119aad9d89821fd88e57ff4a6567d86f3d356
SSDEEP: 6144:8YNjimaNKcYdvkMEdRE29UHYOhQWrbM9VJLRw5ffTQiy1UOXPuBuR2di8jEO:8+MKc+kMcY/MR1wpTVk8ugi8jEO
Static task: static1

Behavioral task: behavioral1
Sample: 97987529709f79fe20cb8aa341b7ef61f8d3dffd707a6397f0f9be925236381f.exe
Resource: win10v2004-20240709-en

Behavioral task: behavioral2
Sample: 97987529709f79fe20cb8aa341b7ef61f8d3dffd707a6397f0f9be925236381f.exe
Resource: win11-20240709-en
Malware Config

Extracted family: redline
Botnet ID (as extracted): 6951125327
C2: https://t.me/+7Lir0e4Gw381MDhi*https://steamcommunity.com/profiles/76561199038841443

The C2 field is not a direct endpoint. The two '*'-separated entries, a Telegram invite link and a Steam Community profile, are dead-drop resolvers: the stealer fetches the public page at runtime and decodes the live C2 address (normally an IP:port) from its contents. Blocking t.me and steamcommunity.com lookups from the infected host is worthwhile, but the operational C2 is only observable in the behavioral run or by resolving the dead drops yourself; it is not recorded in this static extraction.
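The config block above gives a botnet/build ID and a '*'-joined C2 field, plus the file hashes under General. The following is an added example, not tria.ge's extractor or any RedLine code, that turns those printed values into checkable indicators: it splits the C2 field, flags the Telegram and Steam URLs as dead-drop resolvers rather than direct C2 endpoints, validates the hash strings from the report, and can recompute the hashes of a local copy of the sample. The field roles (botnet ID, '*'-joined C2 list) and the `verify_file` path argument are assumptions; every constant is copied from this page.

```python
"""Turn the RedLine config and hashes printed in this report into checkable IOCs.

Added example, not tria.ge or RedLine code. The constants below are copied
from the report; the roles assigned to the two config fields are assumed.
"""
import hashlib
import re
from urllib.parse import urlparse

# Values copied from this report.
BOTNET_ID = "6951125327"
C2_FIELD = ("https://t.me/+7Lir0e4Gw381MDhi"
            "*https://steamcommunity.com/profiles/76561199038841443")
HASHES = {
    "md5": "777cf4edb5d4249ec3e16550c16cf432",
    "sha1": "557c3a100562d7a99d9735bff7cac5f9305d97c8",
    "sha256": "97987529709f79fe20cb8aa341b7ef61f8d3dffd707a6397f0f9be925236381f",
    "sha512": ("6e3f1e6e43eb565eb49f361ee0bf218e2e1d32fe66ba26693fc6766104db6e5e"
               "8df13ebe674156ecc2b3bfc3c46119aad9d89821fd88e57ff4a6567d86f3d356"),
}
EXPECTED_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def parse_c2_field(c2_field):
    """Split a '*'-joined RedLine C2 field and classify every entry.

    Returns a list of dicts with url, host, kind and ident. kind is
    'telegram_invite' or 'steam_profile' for dead-drop resolvers and
    'direct' for anything else (RedLine configs often hold a bare ip:port).
    """
    entries = []
    for raw in filter(None, (p.strip() for p in c2_field.split("*"))):
        u = urlparse(raw if "://" in raw else "http://" + raw)
        host = (u.hostname or "").lower()
        if host == "t.me":
            kind, ident = "telegram_invite", u.path.lstrip("/")
        elif host == "steamcommunity.com" and u.path.startswith("/profiles/"):
            kind, ident = "steam_profile", u.path.split("/")[2]
        else:
            kind, ident = "direct", u.netloc or raw
        entries.append({"url": raw, "host": host, "kind": kind, "ident": ident})
    return entries


def iocs(botnet_id, c2_field):
    """Summarise the config as blockable hosts, dead drops and direct C2s."""
    entries = parse_c2_field(c2_field)
    return {
        "botnet_id": botnet_id,
        "block_hosts": sorted({e["host"] for e in entries if e["host"]}),
        "dead_drops": [e for e in entries if e["kind"] != "direct"],
        "direct_c2": [e["ident"] for e in entries if e["kind"] == "direct"],
    }


def validate_hashes(hashes):
    """Return a list of problems with the hash strings (empty when all are sane)."""
    problems = []
    for algo, value in hashes.items():
        want = EXPECTED_HEX_LEN.get(algo)
        if want is None:
            problems.append(f"{algo}: unknown algorithm")
        elif len(value) != want:
            problems.append(f"{algo}: length {len(value)}, expected {want}")
        elif not re.fullmatch(r"[0-9a-fA-F]+", value):
            problems.append(f"{algo}: not hexadecimal")
    return problems


def verify_file(path, expected):
    """Recompute the hashes of a local copy of the sample and compare with the report.

    'path' is assumed to point at a file you already hold; nothing is downloaded.
    """
    digests = {algo: hashlib.new(algo) for algo in expected}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {algo: d.hexdigest() == expected[algo].lower() for algo, d in digests.items()}


if __name__ == "__main__":
    print(validate_hashes(HASHES) or "hash strings look sane")
    for entry in parse_c2_field(C2_FIELD):
        print(f"{entry['kind']:16} {entry['host']:22} {entry['ident']}")
    print(iocs(BOTNET_ID, C2_FIELD)["block_hosts"])
```

The classifier treats anything that is neither a t.me link nor a Steam profile as a direct C2, which is how bare `ip:port` values in other RedLine configs would surface; for this sample `direct_c2` is empty, confirming that the real endpoint has to come from the dead drops or the behavioral trace.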
Targets

Target: 97987529709f79fe20cb8aa341b7ef61f8d3dffd707a6397f0f9be925236381f (338KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to those listed under General)

Signatures:
- RedLine: RedLine Stealer is an information stealer written in C#, first seen in early 2020. It collects browser credentials and cookies, cryptocurrency wallet files and system information and sends them to its C2.
- RedLine payload: the RedLine stealer payload was identified in the sample.
- Accesses cryptocurrency files/wallets, possible credential harvesting.
- Checks installed software on the system: enumerates the Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node view, and the HKCU equivalent) to list installed software, which the stealer reports alongside the harvested data.
- Suspicious use of SetThreadContext: SetThreadContext rewrites the register state of a (usually suspended) thread and is the standard way to redirect execution into injected code, so this typically marks a loader hollowing or injecting into another process to run the actual C# payload.