Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
1ce2622c0f126b9777e1acce5689254a43ded8c97e7198843b5cb61554a89170
-
Size
1.1MB
-
Sample
230413-w2a7jsdc85
-
MD5
ba61f5101e813226e8c7b7f5d17ee3a2
-
SHA1
88644434862d27d357fd0b316e3624c0ce7477bd
-
SHA256
1ce2622c0f126b9777e1acce5689254a43ded8c97e7198843b5cb61554a89170
-
SHA512
44b750294b2c68f287474120f4f28a3be135cf5e91f66d78226a3a1b6b5abd9bda125cfa9c1e1fe2a60d1bbd23a3d2bfbcb06dfff0144df34790004cee7b1f0e
-
SSDEEP
24576:Dywp/ex/d/SpVevXnCCDn3ZHpFULLUacEnm8CmXCdHaKC/:Wwod0VOCMn3ZHpFU/lcEnmeCdHL
Static task
static1
Malware Config
Extracted
redline
lada
185.161.248.90:4125
-
auth_value
0b3678897547fedafe314eda5a2015ba
Extracted
redline
diro
185.161.248.90:4125
-
auth_value
ae95bda0dd2e95169886a3a68138568b
Targets
-
-
Target
1ce2622c0f126b9777e1acce5689254a43ded8c97e7198843b5cb61554a89170
-
Size
1.1MB
-
MD5
ba61f5101e813226e8c7b7f5d17ee3a2
-
SHA1
88644434862d27d357fd0b316e3624c0ce7477bd
-
SHA256
1ce2622c0f126b9777e1acce5689254a43ded8c97e7198843b5cb61554a89170
-
SHA512
44b750294b2c68f287474120f4f28a3be135cf5e91f66d78226a3a1b6b5abd9bda125cfa9c1e1fe2a60d1bbd23a3d2bfbcb06dfff0144df34790004cee7b1f0e
-
SSDEEP
24576:Dywp/ex/d/SpVevXnCCDn3ZHpFULLUacEnm8CmXCdHaKC/:Wwod0VOCMn3ZHpFU/lcEnmeCdHL
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-