Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
653388cbb84b4a94bcc4370bffca1672fe96f2fe5e3506001e65c3697c7c4191
-
Size
1.8MB
-
Sample
221001-h97c3agfdq
-
MD5
acf5d1a8f625d7d5b4d877dde28c613c
-
SHA1
08cb78a12d8905e2d2e781e8f8c49fd4a5696773
-
SHA256
653388cbb84b4a94bcc4370bffca1672fe96f2fe5e3506001e65c3697c7c4191
-
SHA512
35d11fd972abaeebf10083765ba76b140d83bf7e2cd0986cbc0652dfa489c54b31772e43c5e5c64e69084fffa6df930ec65fb89557f73a94a040eccd6ba2991c
-
SSDEEP
24576:TVxdc2VqcvHrb/hyuDZipy6CSbF2MhKlgVE30s2PQ0iOa/tNbKTwB:B0evH3WYkUuFEElQ1tkT
Static task
static1
Malware Config
Extracted
redline
FREE-APPS
amrican-sport-live-stream.cc:4581
-
auth_value
0c9fc6b0cc64520358e3542816da34e2
Targets
-
-
Target
653388cbb84b4a94bcc4370bffca1672fe96f2fe5e3506001e65c3697c7c4191
-
Size
1.8MB
-
MD5
acf5d1a8f625d7d5b4d877dde28c613c
-
SHA1
08cb78a12d8905e2d2e781e8f8c49fd4a5696773
-
SHA256
653388cbb84b4a94bcc4370bffca1672fe96f2fe5e3506001e65c3697c7c4191
-
SHA512
35d11fd972abaeebf10083765ba76b140d83bf7e2cd0986cbc0652dfa489c54b31772e43c5e5c64e69084fffa6df930ec65fb89557f73a94a040eccd6ba2991c
-
SSDEEP
24576:TVxdc2VqcvHrb/hyuDZipy6CSbF2MhKlgVE30s2PQ0iOa/tNbKTwB:B0evH3WYkUuFEElQ1tkT
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-