General
- Target: 3d460cf6086d48d0c1ce42ae4d08dbf32993bce1c0c4e6684b113e30ae8e34b4
- Size: 338KB
- Sample: 240715-gnvlpsthkf
- MD5: aa4d6148e2daf9bf88f81e895a22d806
- SHA1: 055721fc6ee9d3d05a64075376a06de92a1a3648
- SHA256: 3d460cf6086d48d0c1ce42ae4d08dbf32993bce1c0c4e6684b113e30ae8e34b4
- SHA512: f36c6ce0b089281cf5cd07ff473707f351db7b6948fb6a81649fe6274e045a7a730de7d23046d76b6072f20b230af9d8d05907c6e6e6c640f9e0740088c3c25f
- SSDEEP: 6144:xwrSV/JpP+AegMMtRvu3LqBOkQWrRxBaFC0i3ggvE5UB0g+TI902di8UEO:xRpP6gMEBFxQC0i3Z85Vg+M9zi8UEO
Static task: static1
Behavioral task: behavioral1
- Sample: 3d460cf6086d48d0c1ce42ae4d08dbf32993bce1c0c4e6684b113e30ae8e34b4.exe
- Resource: win10v2004-20240709-en
Behavioral task: behavioral2
- Sample: 3d460cf6086d48d0c1ce42ae4d08dbf32993bce1c0c4e6684b113e30ae8e34b4.exe
- Resource: win11-20240709-en
Malware Config
Extracted (redline):
- 6951125327
- https://t.me/+7Lir0e4Gw381MDhi*https://steamcommunity.com/profiles/76561199038841443
Targets
- Target: 3d460cf6086d48d0c1ce42ae4d08dbf32993bce1c0c4e6684b113e30ae8e34b4 (size and hashes as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext