Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
c0e105869689b21aed3491d7a37b889be0a26d659d34b5cc0ab08d21ecfda5ac
-
Size
1.1MB
-
Sample
230411-yt2ewafa97
-
MD5
d7892d21b6acf4b5f7621de5f738cd1a
-
SHA1
dcb6c7369f00928016f1b729c585bf080b012d7c
-
SHA256
c0e105869689b21aed3491d7a37b889be0a26d659d34b5cc0ab08d21ecfda5ac
-
SHA512
b5f63b976862e40992e69d94ed1385503bd4ee16d19733512088e9e742ece5cd6f1da5898f52c24e3496577f0e682666b74a060202553191197425c580090823
-
SSDEEP
24576:wysmgAnI9hq7TeB+dTm3+TADjKOZm3kcHe/2R6BD43r+qU/0K/5nC:3s7q7TeBL3WqjRZiN+/2UBsb+Fs2n
Static task
static1
Malware Config
Extracted
redline
lada
185.161.248.90:4125
-
auth_value
0b3678897547fedafe314eda5a2015ba
Extracted
redline
lore
185.161.248.90:4125
-
auth_value
523d51bd3c39801fa0405f4fb03df3c4
Extracted
amadey
3.70
80.66.79.86/joomla/index.php
Targets
-
-
Target
c0e105869689b21aed3491d7a37b889be0a26d659d34b5cc0ab08d21ecfda5ac
-
Size
1.1MB
-
MD5
d7892d21b6acf4b5f7621de5f738cd1a
-
SHA1
dcb6c7369f00928016f1b729c585bf080b012d7c
-
SHA256
c0e105869689b21aed3491d7a37b889be0a26d659d34b5cc0ab08d21ecfda5ac
-
SHA512
b5f63b976862e40992e69d94ed1385503bd4ee16d19733512088e9e742ece5cd6f1da5898f52c24e3496577f0e682666b74a060202553191197425c580090823
-
SSDEEP
24576:wysmgAnI9hq7TeB+dTm3+TADjKOZm3kcHe/2R6BD43r+qU/0K/5nC:3s7q7TeBL3WqjRZiN+/2UBsb+Fs2n
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-