General
- Target: file.exe
- Size: 314KB
- Sample: 240928-2zjc2asgnh
- MD5: f2d385ddbb2edafacd070f103f7f1576
- SHA1: 5ee6cb80bc943476067c148e5c16738b7b062029
- SHA256: d56a1a5602b5e72b8b9b2d6f2e0c5bc689682d0983f30b8c66dad9af093679b3
- SHA512: e6ee00d15483ef29fb7e48ed28833ce5059f7bfada96b92c350246f6032f85d318571950bf6d2ee557e417e87d24d90965aa1523782416792fa7eb7354266df5
- SSDEEP: 6144:8KNfu572RY1YNfnlxThJDfeDp7B9wNjudYHpHNHqQtb4qNp28Rrm:82Gt2RhNfz/u1B9wNSd0UQF4t8pm
Static task
- static1

Behavioral task
- behavioral1: sample file.exe, resource win7-20240903-en

Behavioral task
- behavioral2: sample file.exe, resource win10v2004-20240802-en
Malware Config
- Extracted: redline
- Botnet: LiveTraffic
- C2: 136.244.88.135:17615
Targets
- Target: file.exe
- Size: 314KB
- Hashes: identical to the General section above (MD5, SHA1, SHA256, SHA512, SSDEEP)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Defense Evasion
- Modify Registry (1)
- Subvert Trust Controls (1)
- Install Root Certificate (1)
Credential Access
- Credentials from Password Stores (1)
- Credentials from Web Browsers (1)
- Unsecured Credentials (2)
- Credentials In Files (2)