General
- Target: 656aa20b9690a0657a80ce1c4c842684708fae47a48a4b59ae5101b71dbb9082
- Size: 338KB
- Sample: 240715-hr7k4stepq
- MD5: 0247647b5e279e3f2d7e2c678b5aba2a
- SHA1: 5602ea55c79cc782ff3e8c5e67f8ec132ccb5b6e
- SHA256: 656aa20b9690a0657a80ce1c4c842684708fae47a48a4b59ae5101b71dbb9082
- SHA512: 73b28bfd069e7b4ea81c3707b66859d39fe4b2e8d98a168081f5e1a48705ef29b15a459415264888336b2cf2c7c2a8eb031c6f668c7d4c1885f1013aad7ad749
- SSDEEP: 6144:kwrSv/JpP+AegMMtRvu3LqBOkQWrTxivRid/E4FDJM2di8UEO:kXpP6gMEBPxiv2ESJi8UEO
Static task: static1
Behavioral task: behavioral1
- Sample: 656aa20b9690a0657a80ce1c4c842684708fae47a48a4b59ae5101b71dbb9082.exe
- Resource: win10v2004-20240709-en
Behavioral task: behavioral2
- Sample: 656aa20b9690a0657a80ce1c4c842684708fae47a48a4b59ae5101b71dbb9082.exe
- Resource: win11-20240709-en
Malware Config
Extracted: redline
- 6951125327
- https://t.me/+7Lir0e4Gw381MDhi*https://steamcommunity.com/profiles/76561199038841443
Targets
- Target: 656aa20b9690a0657a80ce1c4c842684708fae47a48a4b59ae5101b71dbb9082
- Size: 338KB
- MD5: 0247647b5e279e3f2d7e2c678b5aba2a
- SHA1: 5602ea55c79cc782ff3e8c5e67f8ec132ccb5b6e
- SHA256: 656aa20b9690a0657a80ce1c4c842684708fae47a48a4b59ae5101b71dbb9082
- SHA512: 73b28bfd069e7b4ea81c3707b66859d39fe4b2e8d98a168081f5e1a48705ef29b15a459415264888336b2cf2c7c2a8eb031c6f668c7d4c1885f1013aad7ad749
- SSDEEP: 6144:kwrSv/JpP+AegMMtRvu3LqBOkQWrTxivRid/E4FDJM2di8UEO:kXpP6gMEBPxiv2ESJi8UEO
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext