General

Target: 39754ddae7ddf49e6a32069050d72119fa74c7b345e65f56bbd5b16e45cfd9b2
Size: 769KB
Sample: 230213-pzyrhacf9v
MD5: b8598244bfa6336889721c85c177d78a
SHA1: 49dcf5da133569186a2099fabcf38f8e73ec6ffe
SHA256: 39754ddae7ddf49e6a32069050d72119fa74c7b345e65f56bbd5b16e45cfd9b2
SHA512: daadf92f9a4634047cb5efb77088fe269a88b06d8a11d89e74b9390c08a8d74dfa22df901d2313cd72bcabc23f6708b64c730ab575aec968b42daa984a605673
SSDEEP: 12288:hMrSy90/KiLbALJJgvltVdJ7rIVcIBQGLShrsoq8OqEeJRPfO/lv7HWiwb7s:fyCKiLWJCtrL7JISJqz7e7fADHWzb7s

Static task: static1
Malware Config

Extracted: redline
Botnet: romik
C2: 193.233.20.12:4132
auth_value: 8fb78d2889ba0ca42678b59b884e88ff

Extracted: redline
Botnet: dunm
C2: 193.233.20.12:4132
auth_value: 352959e3707029296ec94306d74e2334

Extracted: redline
Botnet: cr2
C2: 176.113.115.17:4132
auth_value: 4bf573d6f5ab16f3b5e36da6855dc128
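The three extracted configs give two C2 endpoints, with the romik and dunm botnets sharing 193.233.20.12:4132. The following Python is added here as an example and is not part of the tria.ge report: it turns the extracted configs into an IOC index keyed on (ip, port) and runs it over Zeek-style conn.log lines. The log lines, internal hosts and connection uids are constructed for illustration; only the C2 addresses, ports, botnet names and auth_values come from the report.

```python
"""Match the RedLine C2s extracted in this report against Zeek-style conn.log
lines. Added example, not tria.ge output; SAMPLE_CONN_LOG is constructed."""
import ipaddress

# The three configs extracted in this report (botnet name -> C2 host:port).
REDLINE_CONFIGS = [
    {"botnet": "romik", "c2": "193.233.20.12:4132",
     "auth_value": "8fb78d2889ba0ca42678b59b884e88ff"},
    {"botnet": "dunm", "c2": "193.233.20.12:4132",
     "auth_value": "352959e3707029296ec94306d74e2334"},
    {"botnet": "cr2", "c2": "176.113.115.17:4132",
     "auth_value": "4bf573d6f5ab16f3b5e36da6855dc128"},
]


def build_c2_index(configs):
    """Map (ip, port) -> set of botnet names using that C2.

    Two of the three configs share 193.233.20.12:4132, so one endpoint can
    belong to several botnets; the index keeps all of them.
    """
    index = {}
    for cfg in configs:
        host, port = cfg["c2"].rsplit(":", 1)
        ipaddress.ip_address(host)  # raises ValueError on a malformed entry
        index.setdefault((host, int(port)), set()).add(cfg["botnet"])
    return index


def parse_conn_line(line):
    """Parse a tab-separated conn.log line with the field subset
    ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) < 7:
        return None
    return {
        "ts": fields[0], "uid": fields[1],
        "src": fields[2], "sport": int(fields[3]),
        "dst": fields[4], "dport": int(fields[5]),
        "proto": fields[6],
    }


def find_c2_hits(lines, index):
    """Return one hit per connection whose responder matches a C2 endpoint.
    Matching is on ip AND port, so 193.233.20.12:80 is not reported."""
    hits = []
    for line in lines:
        if line.startswith("#") or not line.strip():
            continue  # skip Zeek header/comment lines and blanks
        rec = parse_conn_line(line)
        if rec is None:
            continue
        key = (rec["dst"], rec["dport"])
        if key in index:
            hits.append({
                "uid": rec["uid"], "src": rec["src"],
                "c2": f"{key[0]}:{key[1]}",
                "botnets": sorted(index[key]),
            })
    return hits


# Constructed sample conn.log lines (not from the sandbox run). The fourth
# line goes to the C2 host on a different port and must not match.
SAMPLE_CONN_LOG = """#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1676300000.1\tCa1\t10.0.0.5\t49812\t193.233.20.12\t4132\ttcp
1676300001.2\tCa2\t10.0.0.5\t49813\t142.250.74.46\t443\ttcp
1676300002.3\tCa3\t10.0.0.7\t51002\t176.113.115.17\t4132\ttcp
1676300003.4\tCa4\t10.0.0.7\t51003\t193.233.20.12\t80\ttcp
""".splitlines()

if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_CONN_LOG, build_c2_index(REDLINE_CONFIGS)):
        print(hit)
```

Matching on ip and port follows the extracted config exactly; if the operator moves the listener to another port, a looser rule keyed on the IP alone will still fire, at the cost of more noise from shared hosting.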
Targets

Target: 39754ddae7ddf49e6a32069050d72119fa74c7b345e65f56bbd5b16e45cfd9b2 (769KB; hashes as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of SetThreadContext
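The "Adds Run key to start application" signature corresponds to a registry value written under a Run or RunOnce key. The following Python is added here as an example and is not taken from the report or from tria.ge's own signature logic: it classifies Sysmon Event ID 13 (RegistryEvent: Value Set) records and rates a Run-key write higher when the autostart target or the writing process lives in a user-writable directory, or when a process registers itself. The event records, file paths and SID are constructed for illustration.

```python
"""Classify Sysmon Event ID 13 records for Run/RunOnce persistence.
Added example, not tria.ge signature code; SAMPLE_EVENTS is constructed."""
import re

# Run and RunOnce under HKCU/HKU or HKLM, with or without Wow6432Node.
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\",
    re.IGNORECASE,
)
# Directories an unprivileged user (or a dropped sample) can write to.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData|Temp|ProgramData|Public|Downloads)\\", re.IGNORECASE
)


def extract_image_path(details):
    """Pull the executable path out of a Run value's data: either a quoted
    path followed by arguments, or a bare path."""
    details = details.strip()
    if details.startswith('"'):
        end = details.find('"', 1)
        return details[1:end] if end > 0 else details[1:]
    return details.split(" ")[0]


def classify_run_key_event(event):
    """Return a finding for a Sysmon EventID 13 write to a Run/RunOnce key,
    or None when the event is not a Run-key write."""
    if event.get("EventID") != 13:
        return None
    target_object = event.get("TargetObject", "")
    match = RUN_KEY_RE.search(target_object)
    if not match:
        return None
    exe = extract_image_path(event.get("Details", ""))
    writer = event.get("Image", "")
    reasons = []
    if USER_WRITABLE_RE.search(exe):
        reasons.append("autostart target in user-writable directory")
    if USER_WRITABLE_RE.search(writer):
        reasons.append("value written by process in user-writable directory")
    if writer and exe and writer.lower() == exe.lower():
        reasons.append("process registered itself")
    return {
        "key": match.group(1),
        "value_name": target_object.rsplit("\\", 1)[-1],
        "target": exe,
        "writer": writer,
        "severity": "high" if reasons else "info",
        "reasons": reasons,
    }


def scan(events):
    """Run the classifier over a list of Sysmon records, keeping findings."""
    return [f for f in (classify_run_key_event(e) for e in events) if f]


# Constructed Sysmon records (not from the sandbox run).
SAMPLE_EVENTS = [
    {   # dropped binary in %TEMP% registers itself under the user's Run key
        "EventID": 13,
        "Image": r"C:\Users\u\AppData\Local\Temp\stub.exe",
        "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\stub",
        "Details": r"C:\Users\u\AppData\Local\Temp\stub.exe",
    },
    {   # installer registering a vendor updater: the benign shape
        "EventID": 13,
        "Image": r"C:\Program Files\Vendor\setup.exe",
        "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorUpdater",
        "Details": r'"C:\Program Files\Vendor\updater.exe" /background',
    },
    {   # Uninstall key write: software inventory, not an autostart location
        "EventID": 13,
        "Image": r"C:\Program Files\Vendor\setup.exe",
        "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vendor\DisplayName",
        "Details": "Vendor Suite",
    },
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe"},  # process create, ignored
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

The severity split keeps legitimate installer writes visible at "info" without paging anyone, while a self-registering binary under %TEMP% or %APPDATA% collects every reason and surfaces as "high".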