General
- Target: 798ae59bff93bbbe9a41f74ca8dfbab9d9d4c9aa4b944f6db45f75172ea3876f
- Size: 1.1MB
- Sample: 230412-epmldabc3s
- MD5: d384b803d154a93b0f814d43a216cf20
- SHA1: a8e46a6e5154cad7743c19b3dfb1f7b291a79709
- SHA256: 798ae59bff93bbbe9a41f74ca8dfbab9d9d4c9aa4b944f6db45f75172ea3876f
- SHA512: 06af4888443f64f11c7ba2908c9a7758db2536bdd82af703569b1fc9fd6f93d4e2963701cedae4cdab47b3a6bc002a062fbbb90dad526a6245aec084fb0bedf8
- SSDEEP: 12288:ZMrmy905DVqNWPKma61R1KHIJdvqjT3jOs0+UeGcUxJVM2scAitjbIlwef9s4Cb:DyyxP0CR1ndvqjZ1donn1D4Cb
Static task: static1
Malware Config
Extracted: redline
- lada
- 185.161.248.90:4125
- auth_value: 0b3678897547fedafe314eda5a2015ba
Extracted: redline
- lore
- 185.161.248.90:4125
- auth_value: 523d51bd3c39801fa0405f4fb03df3c4
Extracted: amadey
- 3.70
- 80.66.79.86/joomla/index.php
Targets
- Target: 798ae59bff93bbbe9a41f74ca8dfbab9d9d4c9aa4b944f6db45f75172ea3876f
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.