General
Target: bf1dc0ec09904b31d17b0756d3c72769b6a3034cd71c50c13354fc3d8bfa691f
Size: 1.0MB
Sample: 230412-va915ade77
MD5: 7fc6960a8d7c89a85ffec43c6efcc9c0
SHA1: 6fb0278c3f4f20a259e26e21e1d4bb3da2a2d9fb
SHA256: bf1dc0ec09904b31d17b0756d3c72769b6a3034cd71c50c13354fc3d8bfa691f
SHA512: b0ef1ab9c1a6999204168e60e496de1436d16368d95999385ee0e626cfc2e07b295a65a1138d1f75e0e0d06a62c6a07ca27f515fe2d7b5a8eeca4427b0312e44
SSDEEP: 24576:lyEKiRxr1SVTmNwVFhwEjJiefLMQLSfovxyvvQntnj:Aqr14qNw2iNfLMQLMovxyvvQtn
Static task: static1
Malware Config
Extracted: redline (lada)
185.161.248.90:4125
auth_value: 0b3678897547fedafe314eda5a2015ba
Extracted: redline (diza)
185.161.248.90:4125
auth_value: 0d09b419c8bc967f91c68be4a17e92ee
Targets
Target: bf1dc0ec09904b31d17b0756d3c72769b6a3034cd71c50c13354fc3d8bfa691f
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.