General
Target: 29bdd361b1bd387b358496156a4bd311ab8f0a681d1f149bd4ef476f0e22c81d
Size: 850KB
Sample: 230411-rfwtxaee5v
MD5: 71757cc14b7c37031dfb21584e0a3af7
SHA1: 7ed93be600e47c5d992df7867f182c23895ce7b9
SHA256: 29bdd361b1bd387b358496156a4bd311ab8f0a681d1f149bd4ef476f0e22c81d
SHA512: 27ded3627e99b163f8a0f6ee09b5de99c01367bcfef101d9e5aa6318ab536bbed9394867d3cb79d68e6040e56b59dad01f5355d5cdabc8670b5ddebc4c27fc2a
SSDEEP: 24576:zyPQCRDGSrK8eKOzKdbJL+mVOTPdcVE4:GIfJ8e4dbJNVOxci
Static task: static1
Malware Config
Extracted (1)
Family: redline
Botnet: lada
C2: 185.161.248.90:4125
auth_value: 0b3678897547fedafe314eda5a2015ba
Extracted (2)
Family: redline
Botnet: diza
C2: 185.161.248.90:4125
auth_value: 0d09b419c8bc967f91c68be4a17e92ee
Extracted (3)
Family: amadey
Version: 3.70
C2: 77.91.124.207/plays/chapter/index.php
Targets
Target: 29bdd361b1bd387b358496156a4bd311ab8f0a681d1f149bd4ef476f0e22c81d
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.