Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
46c7a334612660bf8a3fba9b6dc36889a497dc1842ecd673a3df0b76bfa13968
-
Size
963KB
-
Sample
230413-ybgbzsfa6z
-
MD5
46b88ff5862ac513bc11cf92dbf00eb2
-
SHA1
87b77dbe81932fdcaf7ec34e37bca82810aa4d91
-
SHA256
46c7a334612660bf8a3fba9b6dc36889a497dc1842ecd673a3df0b76bfa13968
-
SHA512
f5403633fb2bf59ae0ec5a6b28cefc6cc8a85338d166fa31f0960c612a0c3d2640f250130030c3a715d25efbd6df0180e2f0ee25b26caefd99f4b1028784827a
-
SSDEEP
24576:8yjJB4zIdxuHB12euoeWC5AG1J7h3XPVJDjCI0I6:rjJswxGB12oeKGXhNwI9
Static task
static1
Malware Config
Extracted
redline
lada
185.161.248.90:4125
-
auth_value
0b3678897547fedafe314eda5a2015ba
Extracted
redline
diro
185.161.248.90:4125
-
auth_value
ae95bda0dd2e95169886a3a68138568b
Targets
-
-
Target
46c7a334612660bf8a3fba9b6dc36889a497dc1842ecd673a3df0b76bfa13968
-
Size
963KB
-
MD5
46b88ff5862ac513bc11cf92dbf00eb2
-
SHA1
87b77dbe81932fdcaf7ec34e37bca82810aa4d91
-
SHA256
46c7a334612660bf8a3fba9b6dc36889a497dc1842ecd673a3df0b76bfa13968
-
SHA512
f5403633fb2bf59ae0ec5a6b28cefc6cc8a85338d166fa31f0960c612a0c3d2640f250130030c3a715d25efbd6df0180e2f0ee25b26caefd99f4b1028784827a
-
SSDEEP
24576:8yjJB4zIdxuHB12euoeWC5AG1J7h3XPVJDjCI0I6:rjJswxGB12oeKGXhNwI9
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-