General
- Target: 02ad3fea856d1e25b831dab377c70d6bccd64867bb1fc27a089f34bfa68acef0
- Size: 721KB
- Sample: 230213-vkrmjaea7t
- MD5: d644b2ae949948e540249d8120ec77c9
- SHA1: 05b2e6163596a1eb2d3328f38eec87db559280b3
- SHA256: 02ad3fea856d1e25b831dab377c70d6bccd64867bb1fc27a089f34bfa68acef0
- SHA512: d9049aeff50c08300da9310540e3d9c24355ff4fdf02303f6faaabfb830d73645ca5aa53719e556d1a913ec406d7e8588a67363c03e467df8782ac2236cbae9a
- SSDEEP: 12288:gMrAy90BA/IXAWvP+9iGbz8FqjbNeJaSVP/6Sn3Vl9lLdf6X:wygb2MGcvaE3BfU
Static task: static1
Behavioral task: behavioral1
- Sample: 02ad3fea856d1e25b831dab377c70d6bccd64867bb1fc27a089f34bfa68acef0.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted
- Family: redline
- Botnet: dunm
- C2: 193.233.20.12:4132
- auth_value: 352959e3707029296ec94306d74e2334
Extracted
- Family: amadey
- Version: 3.66
- C2: 62.204.41.4/Gol478Ns/index.php
Targets
- Target: 02ad3fea856d1e25b831dab377c70d6bccd64867bb1fc27a089f34bfa68acef0
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.