Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
17c53e66620462d34286a5e6ce9dcc2d2cc0dd85ed29e1ef83ed731717f62f24
-
Size
1.1MB
-
Sample
230313-ghfwcsag8z
-
MD5
93b1e457819e11c880756e683aae1daa
-
SHA1
be3de3fd83036970c34f5c464c26f2b4558c1018
-
SHA256
17c53e66620462d34286a5e6ce9dcc2d2cc0dd85ed29e1ef83ed731717f62f24
-
SHA512
2207dd26f74a52db0777ad42f35eb591e3b60312e0338b1a64f2ee9acc31cfed31bd102542e06dd54b5bbc7ead70f33cf2bf37a18bbb91be50cd7707b6ef47dc
-
SSDEEP
24576:kIpYjWsLGJzJF0DuVXBs5xo9qTwg/mwiEptybz7rWwNXVdq:1YqhJzJKyVXBs7Tz/b2bz7rWAX
Static task
static1
Malware Config
Extracted
redline
mango
193.233.20.28:4125
-
auth_value
ecf79d7f5227d998a3501c972d915d23
Extracted
redline
vina
193.233.20.28:4125
-
auth_value
7e90e85c9cea0965a2bfd23e1cfc6bc8
Extracted
amadey
3.68
31.41.244.200/games/category/index.php
Targets
-
-
Target
17c53e66620462d34286a5e6ce9dcc2d2cc0dd85ed29e1ef83ed731717f62f24
-
Size
1.1MB
-
MD5
93b1e457819e11c880756e683aae1daa
-
SHA1
be3de3fd83036970c34f5c464c26f2b4558c1018
-
SHA256
17c53e66620462d34286a5e6ce9dcc2d2cc0dd85ed29e1ef83ed731717f62f24
-
SHA512
2207dd26f74a52db0777ad42f35eb591e3b60312e0338b1a64f2ee9acc31cfed31bd102542e06dd54b5bbc7ead70f33cf2bf37a18bbb91be50cd7707b6ef47dc
-
SSDEEP
24576:kIpYjWsLGJzJF0DuVXBs5xo9qTwg/mwiEptybz7rWwNXVdq:1YqhJzJKyVXBs7Tz/b2bz7rWAX
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-