General
- Target: 28457de7f5f9a4825cb619f02d4ce31223383cd10e5e8d6b8d4e3fb357444b80
- Size: 1.1MB
- Sample: 230411-y7v51sfb95
- MD5: 54914aaf036dd9036dfcf117de5f39c4
- SHA1: 4a7fe34896274563a220dfc98e68badebcb21e39
- SHA256: 28457de7f5f9a4825cb619f02d4ce31223383cd10e5e8d6b8d4e3fb357444b80
- SHA512: 607f665bb2800b426a711a3e01f0bb8d379cb7269be721508b9b73e787b5ee5ef29fe809a69392c8c7b1eee734170435934ead7686173cfae6ef6af2cfaf91e8
- SSDEEP: 24576:Iy1cZ1SDlypmg2z0eigMfMAnj/qUZjQg+2y6515D:P1+mlyFjezI/j/qqjpt3
Static task: static1
Malware Config
- Extracted: redline, botnet "lada"
  - C2: 185.161.248.90:4125
  - auth_value: 0b3678897547fedafe314eda5a2015ba
- Extracted: redline, botnet "lore"
  - C2: 185.161.248.90:4125
  - auth_value: 523d51bd3c39801fa0405f4fb03df3c4
- Extracted: amadey, version 3.70
  - C2: 80.66.79.86/joomla/index.php
Targets
- Target: 28457de7f5f9a4825cb619f02d4ce31223383cd10e5e8d6b8d4e3fb357444b80
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.