General
- Target: 4c1c563a53c49e4a8b2033287b79033cba1f4cb4ffda2343fce10a490426bec3
- Size: 1.2MB
- Sample: 230413-dvletsha69
- MD5: 7f87aaa0aaebcb6b6aa8cbd87de81473
- SHA1: af347474443471aa6da1cf0fd7d4366a8f1adb24
- SHA256: 4c1c563a53c49e4a8b2033287b79033cba1f4cb4ffda2343fce10a490426bec3
- SHA512: 089b381821fdc039ca05826b87518c3a2f983b1b6bb08f0f39bfdd2c4c7b9db6f848d31b1d57f7f107746f15fd3b07bfeb963adfd49dce8b2bbdfb737702a898
- SSDEEP: 24576:iy8NOIEvVZDg+FfO0CGpkhquI1Ivm8mI1nTrgroWr6mz36H:J8+lf5vpui98PgroWrD
Static task: static1
Malware Config
Extracted (redline, botnet "lada")
- C2: 185.161.248.90:4125
- auth_value: 0b3678897547fedafe314eda5a2015ba
Extracted (redline, botnet "diro")
- C2: 185.161.248.90:4125
- auth_value: ae95bda0dd2e95169886a3a68138568b
Targets
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.