General
Target: 988878720960b2f609009e0d59294dd01bcc03a73732981577c2ef14101dd745
Size: 1016KB
Sample: 230324-d8kqfsca22
MD5: df40e11f35bf3bb2fa3c63c4d6e8c466
SHA1: 370d687ef49a75468dd00577c4695464f9be9f18
SHA256: 988878720960b2f609009e0d59294dd01bcc03a73732981577c2ef14101dd745
SHA512: 583b91d48e7893f78571afee114f507b1c4bb7634541d73ccdcd75542674a5564268092c3e71fe808ccfe38f9ee90dedd58f73303a14e4d66ef9f34f1ab8eab0
SSDEEP: 24576:qy+w6n8ANnSPCFW0qHfM6Wt8lvyP59fZ3ACl9Wfqhksk6:xRW8ynSz3Wt8lvyRHBlPh
Static task: static1
Malware Config
Extracted: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
Botnet: roxi
C2: 193.233.20.31:4125
auth_value: 9d8be78c896acc3cf8b8a6637a221376
Extracted: amadey
Version: 3.68
C2: 31.41.244.200/games/category/index.php
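The extracted configs give two RedLine entries that share one host:port C2 and an Amadey entry whose C2 is an HTTP path without a scheme. As an added example (not tria.ge code), the Python below normalises those three values into network IOCs and scans constructed, simplified JSON log lines for matches. Assumptions: the log schema is invented for the example, the Amadey URL is treated as plain HTTP on port 80, and the RedLine endpoint is matched on destination IP and port only.

```python
"""Turn the extracted RedLine/Amadey configs into network IOCs and scan logs.

Added example, not code from tria.ge. The config values are the ones in this
report; the log lines are constructed in a simplified JSON-per-line form.
"""
import json
from urllib.parse import urlsplit

# Values exactly as extracted above. The two RedLine builds differ only in
# botnet name and auth_value and share one C2 endpoint.
EXTRACTED = [
    {"family": "redline", "botnet": "down", "c2": "193.233.20.31:4125",
     "auth_value": "12c31a90c72f5efae8c053a0bd339381"},
    {"family": "redline", "botnet": "roxi", "c2": "193.233.20.31:4125",
     "auth_value": "9d8be78c896acc3cf8b8a6637a221376"},
    {"family": "amadey", "version": "3.68",
     "c2": "31.41.244.200/games/category/index.php"},
]


def to_iocs(configs):
    """Normalise each C2 string into a (host, port, path) key -> {families}.

    A RedLine C2 is a bare host:port and is matched on destination IP and port
    only. An Amadey C2 is an HTTP URL without scheme; plain HTTP on port 80 is
    assumed unless the config carries an explicit port.
    """
    iocs = {}
    for cfg in configs:
        c2 = cfg["c2"]
        if "/" in c2:
            parts = urlsplit("http://" + c2)
            key = (parts.hostname, parts.port or 80, parts.path)
        else:
            host, _, port = c2.rpartition(":")
            key = (host, int(port), None)
        iocs.setdefault(key, set()).add(cfg["family"])
    return iocs


# Constructed log lines: one RedLine check-in, one Amadey POST, two non-matches
# (same Amadey host but a different path; same RedLine host but a different port).
SAMPLE_LOGS = """\
{"type":"conn","src":"10.0.0.5","dst":"193.233.20.31","dport":4125,"proto":"tcp"}
{"type":"http","src":"10.0.0.5","dst":"31.41.244.200","dport":80,"method":"POST","uri":"/games/category/index.php"}
{"type":"http","src":"10.0.0.7","dst":"31.41.244.200","dport":80,"method":"GET","uri":"/"}
{"type":"conn","src":"10.0.0.9","dst":"193.233.20.31","dport":443,"proto":"tcp"}
"""


def scan(log_text, iocs):
    """Return (src, dst, dport, families) for every log record hitting an IOC."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        for (host, port, path), families in iocs.items():
            if rec["dst"] != host or rec["dport"] != port:
                continue
            # URL-based IOCs must also match the request path, so an unrelated
            # request to the same server does not fire.
            if path is not None and rec.get("uri") != path:
                continue
            hits.append((rec["src"], rec["dst"], rec["dport"], sorted(families)))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS, to_iocs(EXTRACTED)):
        print(hit)
```

Because the two RedLine configs collapse to a single IOC, a hit on 193.233.20.31:4125 alone cannot tell the "down" and "roxi" builds apart; the auth_value only becomes visible inside the RedLine session itself.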
Targets
Target: 988878720960b2f609009e0d59294dd01bcc03a73732981577c2ef14101dd745 (1016KB; hashes as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first seen in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
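Three of the signatures above are registry-driven: the geofence check reads the configured country, the software check enumerates the Uninstall key, and persistence writes a Run value. As an added example (not tria.ge code), the Python below maps registry API events to those three signature names and aggregates them per process the way a report lists them. The trace format "pid|api|key|value" and the trace lines are constructed for the example; the registry paths are the standard Windows locations, and that the sandbox keys on exactly these paths is an assumption.

```python
"""Map registry activity to three of the behavioural signatures in this report.

Added example, not code from tria.ge. The trace lines are constructed in a
simplified "pid|api|key|value" form; real sandbox API traces use their own schema.
"""
import re
from collections import defaultdict

# Registry locations behind each signature (standard Windows paths; that the
# sandbox matches exactly these keys is an assumption):
#   Geo\Nation        - configured GeoID, i.e. the country code used for geofencing
#   ...\Uninstall     - one subkey per installed product, read to enumerate software
#   ...\Run, RunOnce  - autostart entries written for persistence
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo$", re.I)
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)$", re.I)

# Constructed trace: pid 1234 fingerprints the host, pid 5678 persists,
# pid 9999 only reads the Windows version (benign noise).
SAMPLE_TRACE = """\
1234|RegOpenKeyExW|HKEY_CURRENT_USER\\Control Panel\\International\\Geo|
1234|RegQueryValueExW|HKEY_CURRENT_USER\\Control Panel\\International\\Geo|Nation
1234|RegOpenKeyExW|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall|
1234|RegEnumKeyExW|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall|
1234|RegQueryValueExW|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{ExampleProductGUID}|DisplayName
5678|RegSetValueExW|HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run|Updater
9999|RegQueryValueExW|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion|ProductName
"""


def parse_trace(text):
    """Yield one dict per non-empty trace line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, key, value = line.split("|", 3)
        yield {"pid": int(pid), "api": api, "key": key, "value": value}


def classify(event):
    """Return the report signature names a single registry event satisfies."""
    api, key, value = event["api"], event["key"], event["value"]
    hits = []
    # Geofence: reading the Nation value under the Geo key.
    if api.startswith("RegQueryValueEx") and GEO_KEY.search(key) and value.lower() == "nation":
        hits.append("Checks computer location settings")
    # Software inventory: enumerating or reading anything under Uninstall.
    if api.startswith(("RegEnumKeyEx", "RegQueryValueEx")) and UNINSTALL_KEY.search(key):
        hits.append("Checks installed software on the system")
    # Persistence: writing (not merely reading) a Run/RunOnce value.
    if api.startswith("RegSetValueEx") and RUN_KEY.search(key):
        hits.append("Adds Run key to start application")
    return hits


def signatures_by_pid(trace_text):
    """Aggregate signature hits per process, as a sandbox report would list them."""
    found = defaultdict(set)
    for ev in parse_trace(trace_text):
        for name in classify(ev):
            found[ev["pid"]].add(name)
    return {pid: sorted(names) for pid, names in found.items()}


if __name__ == "__main__":
    for pid, names in signatures_by_pid(SAMPLE_TRACE).items():
        print(pid, names)
```

The first two signatures are pure reads, which is why they are visible in an API trace but not in Sysmon registry events (those record only creates, deletes, renames and value writes); only the Run-key write would surface there.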