General
- Target: 19f7375973e4378d05392af730705f91b69068239d04b3a9cb0368ba5d8ad3bd
- Size: 976KB
- Sample: 230304-bhsx2abe81
- MD5: 5b03b62589bca1c4d1d29be32daae934
- SHA1: 0c7652c3d8dfc0942f484910b320d24c890281d7
- SHA256: 19f7375973e4378d05392af730705f91b69068239d04b3a9cb0368ba5d8ad3bd
- SHA512: 8c601647cfdf04379890c97f6d534859ed842dfdc7d03fbc9aa4f0ede4a4e34aae3964303a17c080afbd1efaee06729d0d1efe5ea40c8873a158d961c9297e20
- SSDEEP: 24576:SyL7M/OseVFUtW9Ua+x1tHWUMzR6IExSU:52OPGMFCiRoS
Static task: static1
Malware Config
Extracted (redline)
- rosto
- hueref.eu:4162
- auth_value: 07d81eba8cad42bbd0ae60042d48eac6
Extracted (amadey)
- 3.68
- 193.233.20.26/Do3m4Gor/index.php
Extracted (redline)
- foksa
- hueref.eu:4162
- auth_value: 6a9b2601a21672b285de3ed41b5402e4
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.