Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
10621a118584dd9bc770d5d4e251bcee2f5f55b15ffeb95b0e81028c73b13371
-
Size
1024KB
-
Sample
230323-h7tzysec22
-
MD5
2c3e70c44e496f494d7f9b8fe9f10afd
-
SHA1
f3765c731eca77c16a5f6349e34b6153b6befee2
-
SHA256
10621a118584dd9bc770d5d4e251bcee2f5f55b15ffeb95b0e81028c73b13371
-
SHA512
3608e72d5dff2f6cfbd70faf7c13008c8c47696ab0d06c4eb6d6585bf65aaac2f17c10078c1626db38b946791d9c26a70b41a936d8161d01acd642379f361b24
-
SSDEEP
12288:aMrjy90RlaMtvTJ/CNWqzc0xcGpxh3L4hbvzlj3iMaaxduFzAa0KJ5pOJ+iqIP0D:ly0w1WChLGbxjnjuRAa0KaCIP0Mkj
Static task
static1
Malware Config
Extracted
redline
down
193.233.20.31:4125
-
auth_value
12c31a90c72f5efae8c053a0bd339381
Extracted
redline
trap
193.233.20.30:4125
-
auth_value
b39a737e2e9eba88e48ab88d1061be9c
Extracted
amadey
3.68
31.41.244.200/games/category/index.php
Targets
-
-
Target
10621a118584dd9bc770d5d4e251bcee2f5f55b15ffeb95b0e81028c73b13371
-
Size
1024KB
-
MD5
2c3e70c44e496f494d7f9b8fe9f10afd
-
SHA1
f3765c731eca77c16a5f6349e34b6153b6befee2
-
SHA256
10621a118584dd9bc770d5d4e251bcee2f5f55b15ffeb95b0e81028c73b13371
-
SHA512
3608e72d5dff2f6cfbd70faf7c13008c8c47696ab0d06c4eb6d6585bf65aaac2f17c10078c1626db38b946791d9c26a70b41a936d8161d01acd642379f361b24
-
SSDEEP
12288:aMrjy90RlaMtvTJ/CNWqzc0xcGpxh3L4hbvzlj3iMaaxduFzAa0KJ5pOJ+iqIP0D:ly0w1WChLGbxjnjuRAa0KaCIP0Mkj
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-