General
- Target: a558bb1a1c30d8b33f1995865f82499e35f09bdb08e92b46a7340c38540da958
- Size: 692KB
- Sample: 230306-s9znbsce7x
- MD5: afd5fe51fa7f39e1d20776a1f5c82c52
- SHA1: fd7440b6ba8de5cbae0bf7af5f89a6dcb788378a
- SHA256: a558bb1a1c30d8b33f1995865f82499e35f09bdb08e92b46a7340c38540da958
- SHA512: 08dd8fd77affa39844d6a2bdf61486ff55ca920974cb251e935e13109519c2b2ebd460487b218cc0f063cc8bab49a747aa02c1d4853f37f8ff7f43093e7693e0
- SSDEEP: 12288:tMr+y90E4LfWVayUfy+uZ12lBMhRpSQnR4X/cN6ctc63iS4UAMnMoXJ:ny6LeVa0Zth1G/cr5yS43MnRXJ
Static task: static1
Behavioral task: behavioral1
- Sample: a558bb1a1c30d8b33f1995865f82499e35f09bdb08e92b46a7340c38540da958.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: amadey
- Version: 3.68
- C2: 193.233.20.26/Do3m4Gor/index.php
Extracted: redline
- fabio
- C2: 193.233.20.27:4123
- auth_value: 56b82736c3f56b13be8e64c87d2cf9e5
Targets
- Target: a558bb1a1c30d8b33f1995865f82499e35f09bdb08e92b46a7340c38540da958
- Size: 692KB
- MD5: afd5fe51fa7f39e1d20776a1f5c82c52
- SHA1: fd7440b6ba8de5cbae0bf7af5f89a6dcb788378a
- SHA256: a558bb1a1c30d8b33f1995865f82499e35f09bdb08e92b46a7340c38540da958
- SHA512: 08dd8fd77affa39844d6a2bdf61486ff55ca920974cb251e935e13109519c2b2ebd460487b218cc0f063cc8bab49a747aa02c1d4853f37f8ff7f43093e7693e0
- SSDEEP: 12288:tMr+y90E4LfWVayUfy+uZ12lBMhRpSQnR4X/cN6ctc63iS4UAMnMoXJ:ny6LeVa0Zth1G/cr5yS43MnRXJ

- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.