General
Target: 36d6c3ad56d0d619d4cd839a652a500936c2bd161c5495576170bb9f55fcce6f
Size: 338KB
Sample: 240715-jxac8sygrg
MD5: db85298795172673c20929cf84a2289c
SHA1: e457bb5189d65423edb69e4f5aae4181fd49607d
SHA256: 36d6c3ad56d0d619d4cd839a652a500936c2bd161c5495576170bb9f55fcce6f
SHA512: 51e556bd19e5d032643d277c57d83c64723f793255725c17ffa0d1bd6b84911939e42f15aa6dacc9ce3f064ce6b7fe568b6e1748e838dea1db46ceb2e1327a69
SSDEEP: 6144:LY1jBmalKcYdvkMEdRE29UHYOhQWrNHLbw9dVmXFGVjiyOOhwK1DxD52di8bEO:LNEKc+kMcIB3XUVjiqFD+i8bEO
Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: 36d6c3ad56d0d619d4cd839a652a500936c2bd161c5495576170bb9f55fcce6f.exe
  Resource: win10v2004-20240709-en
Behavioral task: behavioral2
  Sample: 36d6c3ad56d0d619d4cd839a652a500936c2bd161c5495576170bb9f55fcce6f.exe
  Resource: win11-20240709-en
Malware Config
Extracted family: redline
Botnet: 6951125327
C2: https://t.me/+7Lir0e4Gw381MDhi*https://steamcommunity.com/profiles/76561199038841443

Note that the C2 field holds no host:port endpoint. It is a single string in which a Telegram invite link and a Steam profile page are joined by '*'. RedLine builds that carry such values use the public page as a dead-drop resolver (MITRE ATT&CK T1102.001): the operator edits the channel or profile text to hold the current C2 address and the stealer reads it at run time, so the live C2 is neither present in the binary nor fixed for the lifetime of the campaign. For hunting, treat both URLs (and the Steam64 ID 76561199038841443) as indicators, and expect the actual C2 address to differ from anything visible in this report.
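The following script is an added example of how to post-process the extracted config above; it is not Triage's or RedLine's own code. It splits the C2 field, classifies each entry as a dead-drop resolver (Telegram invite, Steam profile) or a direct host:port endpoint, pulls out the identifiers worth blocking, and then hunts for exact hits in proxy-log lines. Assumptions: '*' is the delimiter between C2 entries in the extracted string, and the proxy log format ("timestamp client_ip method url") and its lines are constructed for the example.

```python
"""Classify and hunt RedLine dead-drop resolver C2 entries (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Values copied from the Malware Config section of this report.
BOTNET_ID = "6951125327"
C2_FIELD = "https://t.me/+7Lir0e4Gw381MDhi*https://steamcommunity.com/profiles/76561199038841443"

# Assumption: '*' joins multiple C2 entries in the extracted config string.
C2_DELIMITER = "*"

# Dead-drop resolver shapes (T1102.001): public pages read at run time to fetch the live C2.
DEAD_DROP_PATTERNS = {
    "telegram_invite": re.compile(r"^https?://t\.me/\+(?P<id>[A-Za-z0-9_-]+)$"),
    "steam_profile": re.compile(r"^https?://steamcommunity\.com/profiles/(?P<id>\d{17})$"),
}
# A plain host:port endpoint, as seen in RedLine builds that do not use a dead drop.
DIRECT_ENDPOINT = re.compile(r"^(?P<host>[A-Za-z0-9.\-]+):(?P<port>\d{1,5})$")


@dataclass(frozen=True)
class C2Entry:
    raw: str    # entry exactly as it appears in the config
    kind: str   # "telegram_invite", "steam_profile", "direct" or "unknown"
    ident: str  # invite hash, Steam64 ID, or host:port
    host: str   # hostname to look for in network telemetry


def parse_c2_field(field: str, delimiter: str = C2_DELIMITER) -> list[C2Entry]:
    """Split the extracted C2 string and classify every entry."""
    entries: list[C2Entry] = []
    for raw in (s.strip() for s in field.split(delimiter) if s.strip()):
        for kind, pat in DEAD_DROP_PATTERNS.items():
            m = pat.match(raw)
            if m:
                entries.append(C2Entry(raw, kind, m.group("id"), urlsplit(raw).hostname or raw))
                break
        else:
            m = DIRECT_ENDPOINT.match(raw)
            if m:
                entries.append(C2Entry(raw, "direct", raw, m.group("host")))
            else:
                entries.append(C2Entry(raw, "unknown", raw, urlsplit(raw).hostname or raw))
    return entries


def iocs(entries: list[C2Entry]) -> dict[str, list[str]]:
    """Group indicators by kind so they can be fed to a blocklist or a hunt query."""
    out: dict[str, list[str]] = {}
    for e in entries:
        out.setdefault(e.kind, []).append(e.ident)
    return out


# Constructed proxy log lines for the example (not taken from the report):
# "<timestamp> <client_ip> <method> <url>"
SAMPLE_PROXY_LOG = """\
2024-07-15T09:41:02Z 10.0.5.23 GET https://www.bing.com/search?q=steam
2024-07-15T09:41:09Z 10.0.5.23 GET https://steamcommunity.com/profiles/76561199038841443
2024-07-15T09:41:10Z 10.0.5.23 GET https://t.me/+7Lir0e4Gw381MDhi
2024-07-15T09:41:15Z 10.0.5.77 GET https://steamcommunity.com/app/730
"""


def hunt_proxy_log(log_text: str, entries: list[C2Entry]) -> list[tuple[str, str, str]]:
    """Return (client_ip, kind, url) for requests that hit an extracted resolver URL exactly.

    Matching on hostname alone would flag every legitimate steamcommunity.com or
    t.me request, so the full URL (ignoring a trailing slash) is compared instead.
    """
    wanted = {e.raw.rstrip("/"): e.kind for e in entries}
    hits: list[tuple[str, str, str]] = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed or truncated line
        _, client, _, url = parts[:4]
        kind = wanted.get(url.rstrip("/"))
        if kind:
            hits.append((client, kind, url))
    return hits


if __name__ == "__main__":
    found = parse_c2_field(C2_FIELD)
    print("botnet:", BOTNET_ID)
    for e in found:
        print(f"{e.kind:16} {e.ident:24} host={e.host}")
    print("iocs:", iocs(found))
    for client, kind, url in hunt_proxy_log(SAMPLE_PROXY_LOG, found):
        print(f"HIT {client} -> {kind}: {url}")
```

Only the steam_profile and telegram_invite requests from 10.0.5.23 are reported; the unrelated Steam store page and the search query are not, which is the point of matching the full resolver URL rather than the hostname.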
Targets
Target: 36d6c3ad56d0d619d4cd839a652a500936c2bd161c5495576170bb9f55fcce6f (338KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload: a RedLine payload was identified during analysis of this sample.
Accesses cryptocurrency files/wallets, possible credential harvesting: the sample touches wallet and credential storage locations, consistent with RedLine's stealer behaviour.
Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its Wow6432Node counterpart) to enumerate installed software, a standard part of the host profile a stealer sends home.
Suspicious use of SetThreadContext: SetThreadContext was called on a thread belonging to another process. This is the classic process-hollowing primitive (start a process suspended, write the payload into it, point the thread's entry at the payload with SetThreadContext, resume). Together with the RedLine payload hit, this is consistent with the 338KB executable being a loader that unpacks and injects the stealer into a child process rather than the stealer itself, so memory dumps of the child, not the on-disk file, are where the unpacked payload and its config should be taken from.