General
Target: file
Size: 786KB
Sample: 230210-r299esdg4w
MD5: d0d5e264eacb20646420278076a02492
SHA1: 406bcbab5b8938579f3fc01f8f1acc082874aa95
SHA256: 7905b88c09cab4f1d90cda9b7bf7423b63c0f19a1697893b47f1a5bebda885f0
SHA512: 1ff4b267583888f13287689c1c7025d83ecdbc3c94a5381717947519c4fbbc2fe305f5293640b0e50b486086f785ae88c0aabc7404bf71eac61cdb5fa5f7fde4
SSDEEP: 24576:KyBVTh+eCD3SDM16rQpp8mOHd3EStsZgL:RBdh+DD3SDs6rQpp8j34g
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: file.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted: amadey
Version: 3.66
C2: 62.204.41.4/Gol478Ns/index.php
Extracted: redline
Botnet: dunm
C2: 193.233.20.12:4132
auth_value: 352959e3707029296ec94306d74e2334
Extracted: redline
Botnet: romka
C2: 193.233.20.11:4131
auth_value: fcbb3247051f5290e8ac5b1a841af67b
Targets
Target: file
Size: 786KB
MD5: d0d5e264eacb20646420278076a02492
SHA1: 406bcbab5b8938579f3fc01f8f1acc082874aa95
SHA256: 7905b88c09cab4f1d90cda9b7bf7423b63c0f19a1697893b47f1a5bebda885f0
SHA512: 1ff4b267583888f13287689c1c7025d83ecdbc3c94a5381717947519c4fbbc2fe305f5293640b0e50b486086f785ae88c0aabc7404bf71eac61cdb5fa5f7fde4
SSDEEP: 24576:KyBVTh+eCD3SDM16rQpp8mOHd3EStsZgL:RBdh+DD3SDs6rQpp8j34g
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.