General
Target: 97e08219837f3e3e3f3dc2edeeb281697fca0c31ee35c6845b5d6982fbe3b769
Size: 1.1MB
Sample: 230412-wdsfxsdh74
MD5: 3bc2f23f4b79eec2ace7389de491795e
SHA1: b4b05a8390a68c7af5738f38fc817aae861ee8c9
SHA256: 97e08219837f3e3e3f3dc2edeeb281697fca0c31ee35c6845b5d6982fbe3b769
SHA512: 851dc1714a378ebd944a49b86116c86a1e7f5725ef75924ffc0132bf4f3391534b7242f73fdee4dad64def976bb10282c7d4057d3a170a8994bfd9bf6965eaf2
SSDEEP: 24576:My+GEggJ7W/jMjiBk6n3Nw+9pPaVEA8FZDC7HYvSIN+NZfTL:7+BkjMo3NwSQEFZQYpN+NxT
Static task: static1
Malware Config
Extracted (1)
Family: redline
Botnet: lada
C2: 185.161.248.90:4125
auth_value: 0b3678897547fedafe314eda5a2015ba
Extracted (2)
Family: redline
Botnet: diza
C2: 185.161.248.90:4125
auth_value: 0d09b419c8bc967f91c68be4a17e92ee
Targets
Target: 97e08219837f3e3e3f3dc2edeeb281697fca0c31ee35c6845b5d6982fbe3b769 (1.1MB; hashes as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.