General
- Target: c66bafcd448b4369bc9aba54e8f6c39361fd96a4959f09a97a0e646f90a5a996
- Size: 338KB
- Sample: 240715-g27s7avemg
- MD5: b5b30c90c7a8e25971d6d105f71e4e2c
- SHA1: ee9edda1ecd9c0d62a1dc43f268b6424889f43c9
- SHA256: c66bafcd448b4369bc9aba54e8f6c39361fd96a4959f09a97a0e646f90a5a996
- SHA512: 093784ce23a3a6dec3bee71b538fc6f72ab8cac2f37f2d8f1d6af7fc23b9b39af7325ad14a35e40069a3c126875fa1de92949f023d369f7782c8d28ec9e6b3c6
- SSDEEP: 6144:kY1jkmalKcYdvkMEdRE29UHYOhQWr3cYHwyqWo9jktoANQnMxuch7uw2di8bEO:kcEKc+kMcIogwye1TCCi8bEO
Static task: static1
Behavioral task: behavioral1
- Sample: c66bafcd448b4369bc9aba54e8f6c39361fd96a4959f09a97a0e646f90a5a996.exe
- Resource: win10v2004-20240709-en
Behavioral task: behavioral2
- Sample: c66bafcd448b4369bc9aba54e8f6c39361fd96a4959f09a97a0e646f90a5a996.exe
- Resource: win11-20240709-en
Malware Config
Extracted: redline
6951125327
https://t.me/+7Lir0e4Gw381MDhi*https://steamcommunity.com/profiles/76561199038841443
Targets
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext