General
- Target: c24349061630cb4062b0a9723ad07f638e70b991f7e4ea2ed4549cdc316ea4a8
- Size: 1.3MB
- Sample: 230301-mzpgqafd7v
- MD5: 9a8ee1ee83d64b654a8bcab190eefe4a
- SHA1: d7c15f6d0bd5c2e208038a8aae2002305f55ba2e
- SHA256: c24349061630cb4062b0a9723ad07f638e70b991f7e4ea2ed4549cdc316ea4a8
- SHA512: 145a0abf8cc80b4f2fa3d8b68a77c6c9e0a4304543752742f4916e97b021d0ce7eab89661bc7a6874cb91840944d082e0377f202706dd1a18d52fb6827059695
- SSDEEP: 24576:yy35vC0g22SG/M2h7M31UMo76ySCUh0+bZgFRtYjsXc1tw:ZlC0gR1JAUMo76zC2tg3tYjekt
Static task
static1
Malware Config
Extracted
- redline
- rumfa
- 193.233.20.24:4123
- auth_value: 749d02a6b4ef1fa2ad908e44ec2296dc
Extracted
- amadey
- 3.67
- 193.233.20.14/BR54nmB3/index.php
Extracted
- redline
- forma
- 193.233.20.24:4123
- auth_value: 50b8e065d7cb1e9e30786f7a370368f9
Targets
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software installed on the system.