General
- Target: abc0031265c730e8ebba53a7b79e47a86f397fc351a62cae7f4c418769233434
- Size: 980KB
- Sample: 230303-11b5nsba71
- MD5: ad36625d9113b9d888af9d9e980b75a1
- SHA1: 792bc0e5cecda939404dd6b8b5cd53e7b2a4ea75
- SHA256: abc0031265c730e8ebba53a7b79e47a86f397fc351a62cae7f4c418769233434
- SHA512: b0c25a4160fad0795307644e06c6c7c7056a4921b451645175f64f5c4c3a0bb0705c1df3bb561609040f65277911245b9b6b2eea3156d5b74a93cc8409ec35d1
- SSDEEP: 24576:KyB+V7AhaCEmlgEMYrODi4VFzG+kWr0SRl+MdF:RB+RAymlgEIDRF3r5Rl+Md
Static task: static1
Malware Config
Extracted
- Family: redline
- Botnet: rosto
- C2: hueref.eu:4162
- auth_value: 07d81eba8cad42bbd0ae60042d48eac6
Extracted
- Family: amadey
- Version: 3.68
- C2: 193.233.20.25/buH5N004d/index.php
Extracted
- Family: redline
- Botnet: foksa
- C2: hueref.eu:4162
- auth_value: 6a9b2601a21672b285de3ed41b5402e4
Targets
- Target: abc0031265c730e8ebba53a7b79e47a86f397fc351a62cae7f4c418769233434
- Size: 980KB
- MD5: ad36625d9113b9d888af9d9e980b75a1
- SHA1: 792bc0e5cecda939404dd6b8b5cd53e7b2a4ea75
- SHA256: abc0031265c730e8ebba53a7b79e47a86f397fc351a62cae7f4c418769233434
- SHA512: b0c25a4160fad0795307644e06c6c7c7056a4921b451645175f64f5c4c3a0bb0705c1df3bb561609040f65277911245b9b6b2eea3156d5b74a93cc8409ec35d1
- SSDEEP: 24576:KyB+V7AhaCEmlgEMYrODi4VFzG+kWr0SRl+MdF:RB+RAymlgEIDRF3r5Rl+Md
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.