Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
4f458855682c2dcee02964c827a47a5a5b6e7334a257d9125f3793d20c36495a
-
Size
977KB
-
Sample
230403-hyhwbsdc87
-
MD5
bc617c40ce13c0b79d90175653b6206c
-
SHA1
041c0db834623c14a0a78d5f6d86de701bbd69f7
-
SHA256
4f458855682c2dcee02964c827a47a5a5b6e7334a257d9125f3793d20c36495a
-
SHA512
e0904f836c26bb21fcd9ffbce84b5b4093e35a1c5e639d0d295ee9048ffdf92a2f9f44ea3c9845d1531d8ddfbf5913bc338190efddc4727f75bd2c2f5a37b603
-
SSDEEP
12288:fMrjy90drzM442g7BC7J2beKqfss04XlDU02v+5t4juCBcKvNXoE+bsYHv:kyEz/4L8KCss044m5t4juCqKvNoE+5v
Static task
static1
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
link
176.113.115.145:4125
-
auth_value
77e4c7bc6fea5ae755b29e8aea8f7012
Extracted
amadey
3.69
193.233.20.36/joomla/index.php
Targets
-
-
Target
4f458855682c2dcee02964c827a47a5a5b6e7334a257d9125f3793d20c36495a
-
Size
977KB
-
MD5
bc617c40ce13c0b79d90175653b6206c
-
SHA1
041c0db834623c14a0a78d5f6d86de701bbd69f7
-
SHA256
4f458855682c2dcee02964c827a47a5a5b6e7334a257d9125f3793d20c36495a
-
SHA512
e0904f836c26bb21fcd9ffbce84b5b4093e35a1c5e639d0d295ee9048ffdf92a2f9f44ea3c9845d1531d8ddfbf5913bc338190efddc4727f75bd2c2f5a37b603
-
SSDEEP
12288:fMrjy90drzM442g7BC7J2beKqfss04XlDU02v+5t4juCBcKvNXoE+bsYHv:kyEz/4L8KCss044m5t4juCqKvNoE+5v
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-