General
Target: b45eb1f1b63e16b6843089f1f9a1ed693d9f7093e192462e0f97d97e838e4e5d
Size: 1.1MB
Sample: 230412-v7dn7adh32
MD5: d84f4c2ae65ea3d0e8fe271391837237
SHA1: c262ad01a0261b92ac38ef85fac583c5ae6204de
SHA256: b45eb1f1b63e16b6843089f1f9a1ed693d9f7093e192462e0f97d97e838e4e5d
SHA512: a56da3c9ce0ef6bafdb65425d3f4d7538e75d448edddb378f9786e8dd9669061c4b99ebb2e301a59f18e0630d33f35241e1be1d8e24f193ad1a5959068ddf36f
SSDEEP: 24576:wyaILrPl3ejVH8g7eMEXbTQNY+QpdEBJtg4to9QBZqIHy1fDqvI:3awx3epHCMyb8NYPIsFafUlO
Static task: static1

Malware Config
Two RedLine configurations were extracted from the sample. Both report to the same C2 endpoint and differ only in botnet name and auth_value.

Extracted: redline
Botnet: lada
C2: 185.161.248.90:4125
auth_value: 0b3678897547fedafe314eda5a2015ba

Extracted: redline
Botnet: diza
C2: 185.161.248.90:4125
auth_value: 0d09b419c8bc967f91c68be4a17e92ee
Targets
Target: b45eb1f1b63e16b6843089f1f9a1ed693d9f7093e192462e0f97d97e838e4e5d (the submitted file; size and hashes as listed under General above)

Signatures
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
  Writes a value under a Run key so the application is started again at logon.
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
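The extracted configuration gives a concrete C2 endpoint and the signatures record Run-key persistence, which is enough to build host-side checks from this report alone. The following Python is an added example, not tria.ge code: it copies the C2 endpoint, botnet IDs, auth_values and SHA256 from this report and runs them against Sysmon-style records (EventID 1 ProcessCreate, 3 NetworkConnect, 13 RegistryEvent SetValue). The event records, process paths, SID, Run-key value name and the benign entries are constructed for the example; the Run/RunOnce paths are the standard persistence locations, not something the report states.

```python
"""Match host telemetry against the IOCs in the RedLine report above.

Added example; not tria.ge code. IOC values are copied from the report.
The Sysmon-style records below are constructed for the example only.
"""
import re
from dataclasses import dataclass
from typing import Optional

# From the report's "Malware Config" section: two configs, one C2 endpoint.
REDLINE_C2 = {("185.161.248.90", 4125)}
REDLINE_C2_HOSTS = {ip for ip, _ in REDLINE_C2}
REDLINE_BOTNETS = {
    "lada": "0b3678897547fedafe314eda5a2015ba",
    "diza": "0d09b419c8bc967f91c68be4a17e92ee",
}
# From the report's "General" section.
SAMPLE_SHA256 = "b45eb1f1b63e16b6843089f1f9a1ed693d9f7093e192462e0f97d97e838e4e5d"

# The report only says "Adds Run key". These are the standard Run/RunOnce
# locations (assumption, not from the report); Sysmon renders user hives as HKU\<SID>.
RUN_KEY_RE = re.compile(
    r"^HK(?:LM|CU|U\\[^\\]+)\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\"
    r"CurrentVersion\\Run(?:Once)?\\[^\\]+$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Alert:
    rule: str
    image: str
    detail: str


def check_event(ev: dict) -> Optional[Alert]:
    """Return an Alert if one Sysmon-style record matches a report indicator."""
    eid = ev.get("EventID")
    image = ev.get("Image", "")
    if eid == 1:
        # Sysmon's Hashes field looks like "MD5=...,SHA256=...,IMPHASH=...".
        hashes = dict(h.split("=", 1) for h in ev.get("Hashes", "").split(",") if "=" in h)
        if hashes.get("SHA256", "").lower() == SAMPLE_SHA256:
            return Alert("redline_sample_executed", image, f"SHA256={SAMPLE_SHA256}")
    elif eid == 3:
        ip, port = ev.get("DestinationIp"), int(ev.get("DestinationPort", 0))
        if (ip, port) in REDLINE_C2:
            bots = ",".join(sorted(REDLINE_BOTNETS))
            return Alert("redline_c2_connection", image, f"{ip}:{port} (botnets {bots})")
        if ip in REDLINE_C2_HOSTS:
            # Same host on another port: lower confidence, still worth a look.
            return Alert("redline_c2_host", image, f"{ip}:{port}")
    elif eid == 13 and ev.get("EventType") == "SetValue":
        target = ev.get("TargetObject", "")
        if RUN_KEY_RE.match(target):
            return Alert("run_key_persistence", image, f"{target} -> {ev.get('Details', '')}")
    return None


def triage(events: list) -> list:
    """Run check_event over a list of records and keep the hits, in input order."""
    return [a for a in map(check_event, events) if a is not None]


# Constructed records: paths, SID, value name and the benign entries are made up.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\u\Downloads\setup.exe",
     "Hashes": "MD5=d84f4c2ae65ea3d0e8fe271391837237,"
               "SHA256=B45EB1F1B63E16B6843089F1F9A1ED693D9F7093E192462E0F97D97E838E4E5D"},
    {"EventID": 3, "Image": r"C:\Users\u\Downloads\setup.exe",
     "DestinationIp": "185.161.248.90", "DestinationPort": "4125"},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "185.161.248.90", "DestinationPort": "443"},
    {"EventID": 13, "EventType": "SetValue", "Image": r"C:\Users\u\Downloads\setup.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\updater",
     "Details": r"C:\Users\u\AppData\Roaming\updater.exe"},
    {"EventID": 13, "EventType": "SetValue", "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(f"{alert.rule:24} {alert.image}  {alert.detail}")
```

Matching on the exact host:port pair is the high-confidence check; the IP-only rule exists because a RedLine operator can move the listener port without changing the host. Sysmon does not log registry reads, so the "Checks installed software" signature (Uninstall key enumeration) cannot be detected from these event types and is deliberately not covered.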