General
- Target: d285f202ad6a1c14c5bd3d20a1807c921dcc805d2421a4bf17a55c1a8671325b
- Size: 989KB
- Sample: 230330-vv5xxade63
- MD5: afa42a92ccc2105c3d4806f28ba3528d
- SHA1: 92deb1efe2616d42545fbc069552f87cff53fc97
- SHA256: d285f202ad6a1c14c5bd3d20a1807c921dcc805d2421a4bf17a55c1a8671325b
- SHA512: 93d9da5b63cc80dc2f7fb1987841b772cad1d3e1572c1351fc62642de0780d2e8d885e0e85ae564a8e6450adfc94daa0697ab1b6b0b53b43198d5b8c5e4d9b84
- SSDEEP: 24576:4y+J0NhpPJCnQwHMsKYe7b01BiKzphPUuw9Ng6glm/H1Chv:/++pPJZie7byBLzpXEgjm/Vq
- Static task: static1
Malware Config
Extracted
- Family: redline
- Botnet: rosn
- C2: 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
- Family: redline
- Botnet: lino
- C2: 176.113.115.145:4125
- auth_value: ac19251c9237676a0dd7d46d3f536e96
Extracted
- Family: amadey
- Version: 3.69
- C2: 193.233.20.36/joomla/index.php
Targets
- Target: d285f202ad6a1c14c5bd3d20a1807c921dcc805d2421a4bf17a55c1a8671325b
- Size: 989KB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.