General
- Target: 5c2e75bf09b2b637a5bda868d2cad0a847e33ac925bcbb1cbc6c0f7952c90257
- Size: 1.3MB
- Sample: 230301-tg553sge2x
- MD5: a16b63f54d6f6da5cd5fa5144267e346
- SHA1: f7793a2aa51ab11d7c07f2cad5df0616314ad945
- SHA256: 5c2e75bf09b2b637a5bda868d2cad0a847e33ac925bcbb1cbc6c0f7952c90257
- SHA512: bba0cfd5a58a18ab0126bdf1969f40f01daaaf0f295b5513f8cb9f6862b35ae116fc3cd3646a8968fd3877f48d65d458f3e40abb2978b290e8e88ca6f18fe831
- SSDEEP: 24576:8yd1D3org/jkhCQ5PK5SSd5NHx5F04LS/2ouCxAf9NeSMMOmp:rdryCQls7d152E9Nw
Static task: static1

Malware Config
- Extracted: redline
  - rumfa
  - 193.233.20.24:4123
  - auth_value: 749d02a6b4ef1fa2ad908e44ec2296dc
- Extracted: amadey
  - 3.67
  - 193.233.20.15/dF30Hn4m/index.php
- Extracted: redline
  - forma
  - 193.233.20.24:4123
  - auth_value: 50b8e065d7cb1e9e30786f7a370368f9
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.