General
Target: 21b6033f89058cadf1ae02f35074316250234dc65c1fe91daa2d02a5664eeae8
Size: 1.1MB
Sample: 230412-jlxz6acc9s
MD5: 8dbef5e0eab8fe1591f7ec33d8374c3b
SHA1: 7b0b294cd41443cf0b6c3e8ee49fe4b200ac9e39
SHA256: 21b6033f89058cadf1ae02f35074316250234dc65c1fe91daa2d02a5664eeae8
SHA512: ef1891eee3b697fb3e949dec44790cd7196f6d1aa57bba7b7193ac023ff3821ce81f45f866eff4fbcf903242eaf59abd86ee998e2db50a35ae10a10c519a8865
SSDEEP: 24576:LytYmNYsOj9GF8hji2Qdy4QHVDuMdqS8bSgeduVvjQNAr:+tYGUhVAdyhHpuK8bdIuQA
Static task
static1
Malware Config
Extracted: redline
Botnet: lada
C2: 185.161.248.90:4125
auth_value: 0b3678897547fedafe314eda5a2015ba
Extracted: redline
Botnet: diza
C2: 185.161.248.90:4125
auth_value: 0d09b419c8bc967f91c68be4a17e92ee
Both extracted configurations point at the same C2 endpoint (185.161.248.90, TCP port 4125) and differ only in botnet ID and auth_value.
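The two configurations above share one C2 endpoint and differ only in botnet ID and auth_value, so for network detection they collapse to a single indicator. The following Python script is an added example, not tria.ge tooling or RedLine code: it consolidates the extracted configs into one host:port indicator, emits a Suricata rule for it, and matches the indicator against flow-log lines. The C2 endpoint, botnet IDs and auth_values are transcribed from the report; the Suricata SID range, the flow-log format and the log lines themselves are constructed for the example.

```python
"""Consolidate the RedLine C2 configuration extracted above into network
indicators and match them against netflow-style log lines.

Added example, not tria.ge tooling or RedLine code. The C2 endpoint, botnet
IDs and auth_values come from the report; the log format and the log lines
are constructed for the demonstration.
"""
import ipaddress
import re
from collections import defaultdict

# Values transcribed from the "Malware Config" section of the report.
EXTRACTED_CONFIGS = [
    {"family": "redline", "botnet": "lada", "c2": "185.161.248.90:4125",
     "auth_value": "0b3678897547fedafe314eda5a2015ba"},
    {"family": "redline", "botnet": "diza", "c2": "185.161.248.90:4125",
     "auth_value": "0d09b419c8bc967f91c68be4a17e92ee"},
]


def consolidate_c2(configs):
    """Group configs by C2 endpoint, so one host:port listed under two
    botnet IDs becomes a single network indicator carrying both IDs."""
    by_endpoint = defaultdict(lambda: {"botnets": set(), "auth_values": set()})
    for cfg in configs:
        host, port = cfg["c2"].rsplit(":", 1)
        ipaddress.ip_address(host)  # raises ValueError if the host is not a literal IP
        key = (host, int(port))
        by_endpoint[key]["botnets"].add(cfg["botnet"])
        by_endpoint[key]["auth_values"].add(cfg["auth_value"])
    return dict(by_endpoint)


def suricata_rules(indicators, base_sid=9000001):
    """One Suricata rule per C2 endpoint. The SID range is an arbitrary
    local-range choice for this example."""
    rules = []
    for i, ((host, port), meta) in enumerate(sorted(indicators.items())):
        botnets = ",".join(sorted(meta["botnets"]))
        rules.append(
            f"alert tcp $HOME_NET any -> {host} {port} "
            f'(msg:"RedLine C2 {host}:{port} botnet {botnets}"; '
            f"flow:to_server; classtype:trojan-activity; sid:{base_sid + i}; rev:1;)"
        )
    return rules


# Constructed flow log: "<timestamp> <src> -> <dst>:<port> <proto> <bytes>".
SAMPLE_LOG = """\
2023-04-12T10:01:03Z 10.0.0.15 -> 203.0.113.5:443 tcp 1820
2023-04-12T10:01:07Z 10.0.0.15 -> 185.161.248.90:4125 tcp 4096
2023-04-12T10:01:09Z 10.0.0.22 -> 185.161.248.90:443 tcp 512
2023-04-12T10:02:11Z 10.0.0.15 -> 185.161.248.90:4125 tcp 9120
"""

LOG_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+) (\w+) (\d+)$")


def match_c2_connections(log_text, indicators, strict=True):
    """Return (timestamp, src, dst, port) for flows to a known C2.

    strict=True matches host AND port, which is what the report supports.
    strict=False also flags other ports on the same host; useful for hunting,
    but expect more false positives if the host is shared infrastructure."""
    hosts = {host for host, _ in indicators}
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts, src, dst, port, _proto, _size = m.groups()
        port = int(port)
        if (dst, port) in indicators or (not strict and dst in hosts):
            hits.append((ts, src, dst, port))
    return hits


if __name__ == "__main__":
    ind = consolidate_c2(EXTRACTED_CONFIGS)
    for rule in suricata_rules(ind):
        print(rule)
    for hit in match_c2_connections(SAMPLE_LOG, ind):
        print("C2 connection:", *hit)
```

With strict matching the constructed log yields two hits, both from 10.0.0.15 to port 4125; the connection from 10.0.0.22 to the same host on 443 is only picked up with strict=False, which is the trade-off between an exact-endpoint indicator and a host-level one.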
Targets
Target: 21b6033f89058cadf1ae02f35074316250234dc65c1fe91daa2d02a5664eeae8
Size: 1.1MB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General (the target is the submitted file itself).
Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
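Three of the signatures above are registry reads or writes and can be reproduced from a Process Monitor export of the sample's run. The following Python script is an added example, not tria.ge's signature engine: it maps Procmon-style registry events to the country-code lookup, the Uninstall-key enumeration and the Run-key persistence signature, and extracts the persisted command line from the Run-key write. The CSV rows are constructed. The report names the Uninstall key and the Run key but not the value holding the country code; the `HKCU\Control Panel\International\Geo\Nation` path used for that signature is an assumption.

```python
"""Map Process Monitor-style registry events to three of the behavioural
signatures listed above: country-code lookup, Uninstall-key enumeration and
Run-key persistence.

Added example, not tria.ge's signature engine. The CSV rows are constructed.
The report names the Uninstall and Run keys; the Geo\\Nation path used for the
country lookup is an assumption, since the report does not say which value
is read.
"""
import csv
import io
import re

# Constructed Procmon-style CSV export (Time, Process Name, PID, Operation, Path, Result, Detail).
SAMPLE_CSV = r"""Time,Process Name,PID,Operation,Path,Result,Detail
10:01:02.1,sample.exe,4120,RegQueryValue,HKCU\Control Panel\International\Geo\Nation,SUCCESS,"Type: REG_SZ, Length: 8, Data: 244"
10:01:02.3,sample.exe,4120,RegEnumKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS,"Index: 0, Name: 7-Zip"
10:01:02.3,sample.exe,4120,RegEnumKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS,"Index: 1, Name: Google Chrome"
10:01:03.0,sample.exe,4120,RegSetValue,HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater,SUCCESS,"Type: REG_SZ, Length: 98, Data: C:\Users\user\AppData\Roaming\updater.exe"
10:01:03.5,explorer.exe,1444,RegQueryValue,HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 2"
10:01:04.0,sample.exe,4120,RegSetValue,HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater,SUCCESS,"Type: REG_SZ, Length: 98, Data: C:\Users\user\AppData\Roaming\updater.exe"
"""

# signature name -> (operation regex, registry path regex)
SIGNATURES = {
    # Report: "Looks up country code configured in the registry, likely geofence."
    # ASSUMPTION: the read is of HKCU\Control Panel\International\Geo\Nation.
    "Checks computer location settings": (
        r"^RegQueryValue$",
        r"\\Control Panel\\International\\Geo\\Nation$",
    ),
    # Report: "Looks up Uninstall key entries in the registry to enumerate software."
    "Checks installed software on the system": (
        r"^(RegOpenKey|RegEnumKey|RegQueryValue)$",
        r"\\CurrentVersion\\Uninstall(\\|$)",
    ),
    # Report: "Adds Run key to start application."
    "Adds Run key to start application": (
        r"^RegSetValue$",
        r"\\CurrentVersion\\Run\\[^\\]+$",
    ),
}


def triage(csv_text):
    """Return {signature: [evidence, ...]} for every signature that fired.

    Paths are matched case-insensitively because the registry is.
    Identical (process, pid, path, detail) events are collapsed, so a value
    written twice with the same data is reported once."""
    compiled = {
        name: (re.compile(op_re), re.compile(path_re, re.IGNORECASE))
        for name, (op_re, path_re) in SIGNATURES.items()
    }
    hits = {name: [] for name in SIGNATURES}
    seen = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        for name, (op_re, path_re) in compiled.items():
            if not (op_re.match(row["Operation"]) and path_re.search(row["Path"])):
                continue
            key = (name, row["Process Name"], row["PID"], row["Path"], row["Detail"])
            if key in seen:
                continue
            seen.add(key)
            hits[name].append({
                "process": row["Process Name"],
                "pid": int(row["PID"]),
                "path": row["Path"],
                "result": row["Result"],
                "detail": row["Detail"],
            })
    return {name: ev for name, ev in hits.items() if ev}


DATA_RE = re.compile(r"Data: (.*)$")


def run_key_entries(hits):
    """Pull (value name, command) out of successful Run-key writes, i.e. the
    persistence artefact an analyst would add to a host IOC list."""
    entries = []
    for ev in hits.get("Adds Run key to start application", []):
        if ev["result"] != "SUCCESS":
            continue
        value_name = ev["path"].rsplit("\\", 1)[1]
        m = DATA_RE.search(ev["detail"])
        entries.append((value_name, m.group(1) if m else None))
    return entries


if __name__ == "__main__":
    found = triage(SAMPLE_CSV)
    for name, evidence in found.items():
        print(f"{name}: {len(evidence)} event(s) from", sorted({e["process"] for e in evidence}))
    for value_name, command in run_key_entries(found):
        print("Run key persistence:", value_name, "->", command)
```

On the constructed export all three signatures fire for sample.exe only; the explorer.exe read of an unrelated Explorer setting does not match, and the repeated Run-key write is reported once. Signatures such as "Executes dropped EXE" or "Loads dropped DLL" need process and image-load events rather than registry events and are outside this script.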