Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
87b3b41f6995b1084ef90a5aaf09877a.bin
-
Size
996KB
-
Sample
230329-bs7h6sec26
-
MD5
893fb28e0fa3bc711b390a84cfc81cc1
-
SHA1
052eddd428cad45a058d074aebc1b51fcf259d27
-
SHA256
5ab6dc3c9902e5e78a47756d41311d2536bf3c4681ce7a8cb846b088b7495e13
-
SHA512
b529bba4dbb0a6e03167b5b28b2d663eb8ae0cbd102b40a9470cbd04f1cde96c1be85a3c77a41d5d284408e1ac2efd9d385310387255b116bba43e86c8e7fea8
-
SSDEEP
24576:1gkoqJfPud1wnYQZrN9ar1bFqa3YS33wuX7:hoqJHudj+N9a5Fq9Snwur
Static task
static1
Behavioral task
behavioral1
Sample
0494fa919445dde14089ec1df4683fed61b2c0bec370ae99c33250e5a7814293.exe
Resource
win7-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
renta
176.113.115.145:4125
-
auth_value
359596fd5b36e9925ade4d9a1846bafb
Extracted
amadey
3.68
31.41.244.200/games/category/index.php
Targets
-
-
Target
0494fa919445dde14089ec1df4683fed61b2c0bec370ae99c33250e5a7814293.exe
-
Size
1.0MB
-
MD5
87b3b41f6995b1084ef90a5aaf09877a
-
SHA1
709fd8289f3f9eb893648e0d09bc9878c0b3c73f
-
SHA256
0494fa919445dde14089ec1df4683fed61b2c0bec370ae99c33250e5a7814293
-
SHA512
f3e9a59dc26f80b3b766e28675300cbaf40f12e18cea5a7414d12158610800aa3d31d00a947f114ea442441a6193b4e03e6128ab2c1b3463fb92cd2a1af068b0
-
SSDEEP
24576:YyCvCcAqrvDEPN0logVJzO1ICMPY9qIV:fCvDEPNKRa1I0
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-