General

Target: 21e76ed08cb9f48059d9a91b6a54987d0ee745bf853979368a7b193733c2b311
Size: 1.0MB
Sample: 230326-q41x4aaf6v
MD5: 8c5f03d7f7f97aae455519730365c820
SHA1: a6f1e56048ae9304a76ca683a5e111e41ca3660e
SHA256: 21e76ed08cb9f48059d9a91b6a54987d0ee745bf853979368a7b193733c2b311
SHA512: 5295f5bd2007cb6ff2cc5aa059ac1362eb5682d081ae72b8c6931268a0e7ad3d84d310e19104d99f078b99833fceeade897e464ecfb28c650625f535740d3f49
SSDEEP: 24576:cy6LoPJojVcHldIVSJwjUnxeiI74/PzGKV26AbJH:L6sPJoOHld76a8aSC26a
Static task: static1
Malware Config

Extracted: redline
Botnet: boris
C2: 193.233.20.32:4125
auth_value: 766b5bdf6dbefcf7ca223351952fc38f

Extracted: redline
Botnet: mola
C2: 193.233.20.32:4125
auth_value: 05a04aa0a7694423bb0210907b41d794

Extracted: amadey
Version: 3.68
C2: 62.204.41.87/joomla/index.php
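The two RedLine configurations share one C2 socket and differ only in botnet name and auth_value, while the Amadey config is an HTTP path. As an added example (not part of the tria.ge report), the Python below turns those extracted values into a de-duplicated indicator set and matches it against constructed key=value firewall and proxy log lines; the log format and the dst= and url= field names are assumptions made for illustration.

```python
"""Build network indicators from the extracted RedLine/Amadey configs and
match them against log lines.  Added example; the log format is assumed."""
import re
from dataclasses import dataclass

# Values copied from the "Malware Config" section of the report.
REDLINE_CONFIGS = [
    {"family": "redline", "botnet": "boris", "c2": "193.233.20.32:4125",
     "auth_value": "766b5bdf6dbefcf7ca223351952fc38f"},
    {"family": "redline", "botnet": "mola", "c2": "193.233.20.32:4125",
     "auth_value": "05a04aa0a7694423bb0210907b41d794"},
]
AMADEY_CONFIG = {"family": "amadey", "version": "3.68",
                 "c2": "62.204.41.87/joomla/index.php"}


@dataclass(frozen=True)
class Ioc:
    family: str
    kind: str    # "socket" (ip:port), "host" (ip only) or "url" (host/path)
    value: str


def build_iocs(redline_configs, amadey_config):
    """Collapse the configs into a set: the two RedLine entries share a
    socket, and auth_value is a protocol-level field that never appears in
    a connection record, so only the socket and host are kept."""
    iocs = set()
    for cfg in redline_configs:
        host = cfg["c2"].split(":")[0]
        iocs.add(Ioc(cfg["family"], "socket", cfg["c2"]))
        iocs.add(Ioc(cfg["family"], "host", host))
    host = amadey_config["c2"].split("/")[0]
    iocs.add(Ioc(amadey_config["family"], "url", amadey_config["c2"]))
    iocs.add(Ioc(amadey_config["family"], "host", host))
    return iocs


# Field patterns for the constructed key=value log lines (assumed format).
DST_RE = re.compile(r"\bdst=(?P<host>[\d.]+):(?P<port>\d+)")
URL_RE = re.compile(r"\burl=(?P<scheme>https?://)?(?P<rest>\S+)")


def match_line(line, iocs):
    """Return the IOCs one log line hits, most specific match first."""
    hits = []
    by_value = {(i.kind, i.value): i for i in iocs}
    m = DST_RE.search(line)
    if m:
        sock = f"{m['host']}:{m['port']}"
        if ("socket", sock) in by_value:
            hits.append(by_value[("socket", sock)])
        elif ("host", m["host"]) in by_value:      # same IP, other port
            hits.append(by_value[("host", m["host"])])
    m = URL_RE.search(line)
    if m:
        rest = m["rest"].rstrip("/")               # scheme already stripped
        host = rest.split("/")[0].split(":")[0]
        if ("url", rest) in by_value:
            hits.append(by_value[("url", rest)])
        elif ("host", host) in by_value:
            hits.append(by_value[("host", host)])
    return hits


def scan(lines, iocs):
    """Return [(line_number, family, kind, value), ...] for every hit."""
    findings = []
    for n, line in enumerate(lines, start=1):
        for ioc in match_line(line, iocs):
            findings.append((n, ioc.family, ioc.kind, ioc.value))
    return findings


# Constructed sample log lines (not taken from the report).
SAMPLE_LOGS = [
    "2023-03-26T16:03:11Z fw src=10.0.0.15:49172 dst=193.233.20.32:4125 proto=tcp action=allow",
    "2023-03-26T16:03:40Z fw src=10.0.0.15:49180 dst=193.233.20.32:443 proto=tcp action=allow",
    "2023-03-26T16:04:02Z proxy src=10.0.0.15 method=POST url=http://62.204.41.87/joomla/index.php status=200",
    "2023-03-26T16:05:10Z proxy src=10.0.0.16 method=GET url=https://www.example.com/ status=200",
]

IOCS = build_iocs(REDLINE_CONFIGS, AMADEY_CONFIG)
FINDINGS = scan(SAMPLE_LOGS, IOCS)

if __name__ == "__main__":
    for n, family, kind, value in FINDINGS:
        print(f"line {n}: {family} {kind} {value}")
```

The socket match is the high-confidence alert; the host-only fallback flags the same IP on another port, which is worth a lower-severity alert because one RedLine server commonly fronts several botnet IDs. The auth_value cannot be matched at this layer at all: it travels inside the C2 exchange, so it is only useful for attributing a decrypted session or a recovered sample to one of the two botnets.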
Targets

Target: 21e76ed08cb9f48059d9a91b6a54987d0ee745bf853979368a7b193733c2b311
Size: 1.0MB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above.
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
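Of the behaviours listed above, the two a host sensor can catch directly are a dropped executable being run and a Run key being set to a user-writable path. As an added example, not from the report or from the sandbox, here is a Python detector over constructed Sysmon-style records (Event ID 1 process create and Event ID 13 registry value set); the paths, SID and value names are made up for illustration.

```python
"""Flag 'Executes dropped EXE' and 'Adds Run key to start application'
in Sysmon-style events.  Added example; the sample events are constructed."""
import re

# Run / RunOnce keys under HKLM or any HKU hive (case-insensitive).
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)

# User-writable locations a dropped payload typically lands in (assumed list).
DROP_DIR_RE = re.compile(
    r"^(?:[A-Z]:\\Users\\[^\\]+\\AppData\\(?:Local|Roaming)"
    r"|[A-Z]:\\ProgramData|[A-Z]:\\Windows\\Temp)\\",
    re.IGNORECASE)


def first_path(command):
    """Return the executable from a Run value's data.  A quoted path is taken
    whole; an unquoted one is cut at the first space, which is also how
    Windows resolves the ambiguity."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def in_drop_dir(path):
    return bool(DROP_DIR_RE.match(path))


def analyze(events):
    """Return [(event_index, rule, detail), ...] for every matching event."""
    findings = []
    for i, ev in enumerate(events):
        eid = ev.get("EventID")
        if eid == 1 and in_drop_dir(ev.get("Image", "")):
            # Process created from a user-writable directory.
            findings.append((i, "dropped_exe_executed", ev["Image"]))
        elif eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            # Run value set; alert if the target or the writer is a drop path.
            target = first_path(ev.get("Details", ""))
            if in_drop_dir(target) or in_drop_dir(ev.get("Image", "")):
                findings.append((i, "run_key_persistence",
                                 f"{ev['TargetObject']} -> {target}"))
    return findings


# Constructed sample events (field names follow Sysmon; values are invented).
SAMPLE_EVENTS = [
    {"EventID": 1,
     "Image": r"C:\Users\victim\AppData\Local\Temp\setup.exe",
     "ParentImage": r"C:\Users\victim\Downloads\installer.exe"},
    {"EventID": 13,
     "Image": r"C:\Users\victim\AppData\Local\Temp\setup.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r'"C:\Users\victim\AppData\Roaming\Updater\svc.exe" /silent'},
    {"EventID": 13,
     "Image": r"C:\Program Files\Vendor\app.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r"C:\Program Files\Vendor\tray.exe"},
    {"EventID": 1,
     "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

FINDINGS = analyze(SAMPLE_EVENTS)

if __name__ == "__main__":
    for i, rule, detail in FINDINGS:
        print(f"event {i}: {rule}: {detail}")
```

The two remaining registry signatures (the country-code lookup and the Uninstall-key enumeration) are reads, and Sysmon records registry writes only, so they produce no event for this detector; in a live environment they come from the sandbox's API monitoring or an EDR with registry read telemetry, not from the event log.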