General
Target: 70bee557ef45d618a95929c337c85b7a82583be3843d47376cdb026b1867a5a6
Size: 1.0MB
Sample: 230329-gv1rasgf2z
MD5: b8d341cf32b34bb88759892cfae3f344
SHA1: 15a971da4a8c83390c38607ee13492ffdd95f8a9
SHA256: 70bee557ef45d618a95929c337c85b7a82583be3843d47376cdb026b1867a5a6
SHA512: 1e059c1eca5e95bb449923cc3e96e9ad481181924f8debedb29338d65efe3c1e8c21da60c3a959227f9211e23f04b9cf4de6548d82db7024ecdc12f0c553c043
SSDEEP: 24576:yy4dN9wIq4DZ8ob+RjWJf9OzY56wZtENtlq552s:Z0Z8ob+QJf9OzY5680tl0
Static task: static1
Malware Config
Extracted: redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
- nado
- 176.113.115.145:4125
- auth_value: a648e365d8e0df895a84152ad68ffc56
Extracted: amadey
- 3.68
- 62.204.41.87/joomla/index.php
Targets
Target: 70bee557ef45d618a95929c337c85b7a82583be3843d47376cdb026b1867a5a6 (same sample as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.