Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2cead47080339a4cc23f02109c577179866f3401900bf72c8f877177ba9ba29f
-
Size
1.0MB
-
Sample
230327-jlm5yscd23
-
MD5
8518c3a296e03f87907f1c1aabbad258
-
SHA1
d20d97c7cc0393998da224b3d7e8db2777bc7343
-
SHA256
2cead47080339a4cc23f02109c577179866f3401900bf72c8f877177ba9ba29f
-
SHA512
11a003735dd4d295ca5b60e44715a7c2a2b9f8e1edbd0b7563d4b02f350e8228a6c023461199c97b52d350b31241d7dd9856303aae02ba128fa11b0b3f72cd08
-
SSDEEP
24576:+y9Wgq1YGXtGr8l+MzmmiUjfvDdKnAP3hEA3UjQ9QdKBmT9rKo9e/ir:N9XEYow84MEMBKn4ajpdKBS0/i
Static task
static1
Malware Config
Extracted
redline
sony
193.233.20.33:4125
-
auth_value
1d93d1744381eeb4fcfd7c23ffe0f0b4
Extracted
redline
fort
193.233.20.33:4125
-
auth_value
5ea5673154a804d8c80f565f7276f720
Extracted
amadey
3.68
62.204.41.87/joomla/index.php
Targets
-
-
Target
2cead47080339a4cc23f02109c577179866f3401900bf72c8f877177ba9ba29f
-
Size
1.0MB
-
MD5
8518c3a296e03f87907f1c1aabbad258
-
SHA1
d20d97c7cc0393998da224b3d7e8db2777bc7343
-
SHA256
2cead47080339a4cc23f02109c577179866f3401900bf72c8f877177ba9ba29f
-
SHA512
11a003735dd4d295ca5b60e44715a7c2a2b9f8e1edbd0b7563d4b02f350e8228a6c023461199c97b52d350b31241d7dd9856303aae02ba128fa11b0b3f72cd08
-
SSDEEP
24576:+y9Wgq1YGXtGr8l+MzmmiUjfvDdKnAP3hEA3UjQ9QdKBmT9rKo9e/ir:N9XEYow84MEMBKn4ajpdKBS0/i
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-