General
Target: d2ab24d7d57bc2ec5caa72acbed6c66651e02fd7917d66eb364e4df1cee4c80d
Size: 1.1MB
Sample: 230413-z4k2baec79
MD5: 3747a1d33fe0afb71e9ef70d36a4ff55
SHA1: 9a7ea30f5b39a2b276d28b0cbafb003566f1ef4c
SHA256: d2ab24d7d57bc2ec5caa72acbed6c66651e02fd7917d66eb364e4df1cee4c80d
SHA512: 5f2e61ece8c22aa8fdd4a2c7abbcdd8f1bc25964c4032caeeaeb75b345f20501f61b00ee87502e80ea1311372d11c3807f6250471231fb903c5b5f105bda6072
SSDEEP: 24576:ey/wev8slEnhObrN7u7JzAeD2uazD/ZgFms5c1:t/wIl0hqo75AeczD/GF4
Static task: static1
Malware Config
Two RedLine configurations were extracted from the sample. Both point at the same C2 endpoint; only the botnet name and the auth_value differ.
Extracted (1)
Family: redline
Botnet: lada
C2: 185.161.248.90:4125
auth_value: 0b3678897547fedafe314eda5a2015ba
Extracted (2)
Family: redline
Botnet: disa
C2: 185.161.248.90:4125
auth_value: 93f8c4ca7000e3381dd4b6b86434de05
Targets
Target: d2ab24d7d57bc2ec5caa72acbed6c66651e02fd7917d66eb364e4df1cee4c80d (the same file as in General above; identical size and hashes)
Size: 1.1MB
MD5: 3747a1d33fe0afb71e9ef70d36a4ff55
SHA1: 9a7ea30f5b39a2b276d28b0cbafb003566f1ef4c
SHA256: d2ab24d7d57bc2ec5caa72acbed6c66651e02fd7917d66eb364e4df1cee4c80d
SHA512: 5f2e61ece8c22aa8fdd4a2c7abbcdd8f1bc25964c4032caeeaeb75b345f20501f61b00ee87502e80ea1311372d11c3807f6250471231fb903c5b5f105bda6072
SSDEEP: 24576:ey/wev8slEnhObrN7u7JzAeD2uazD/ZgFms5c1:t/wIl0hqo75AeczD/GF4
Signatures triggered by this target:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, most likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the host.
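The indicators in the Malware Config section and the behavioural signatures above are the two things a responder would carry out of this report. The following is an added example, not tria.ge's own code or the sandbox's signature engine: it takes the C2 endpoint and auth_values exactly as extracted above and maps a stream of constructed sandbox-style events (registry, file, process and network operations) onto the same signature names the report uses, including the stateful "dropped" checks, which only fire when an executed EXE or loaded DLL was first written during the run. The pipe-separated event format, the registry paths used for the Run key, Uninstall key and location lookup, and the wallet path patterns are assumptions chosen for illustration; the report names the behaviours but not the exact keys the sample touched.

```python
"""Added example (not tria.ge code): map sandbox-style events to the report's
RedLine signatures and C2 indicator.  The event format and the registry/file
paths are assumptions for illustration, not values quoted from the report."""
import re
from dataclasses import dataclass

# Indicators copied from the report's Malware Config section: both botnets share
# one C2 endpoint, while the auth_value differs per botnet.
REDLINE_C2 = {"185.161.248.90:4125"}
REDLINE_AUTH_VALUES = {
    "lada": "0b3678897547fedafe314eda5a2015ba",
    "disa": "93f8c4ca7000e3381dd4b6b86434de05",
}

# Locations that back each behavioural signature.  These are the usual places
# for these behaviours (assumed), not paths taken from the report.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
UNINSTALL_KEY = re.compile(
    r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\", re.I)
WALLET_PATH = re.compile(r"(wallet\.dat|\\Exodus\\|\\Electrum\\|\\Ethereum\\keystore)", re.I)


@dataclass
class Event:
    pid: int
    kind: str    # reg_read | reg_write | file_read | file_write | proc_create | image_load | net_connect
    target: str
    data: str = ""


def parse_events(text):
    """Parse 'pid|kind|target[|data]' lines (a constructed format for this example)."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split("|", 3)
        if len(parts) < 3:
            continue
        events.append(Event(int(parts[0]), parts[1], parts[2], parts[3] if len(parts) == 4 else ""))
    return events


def match_signatures(events):
    """Return the set of report-style signature names that the event stream triggers."""
    dropped = set()   # paths written during the run; needed for the 'dropped' EXE/DLL checks
    hits = set()
    for ev in events:
        key = ev.target.lower()
        if ev.kind == "file_write":
            dropped.add(key)
        elif ev.kind == "proc_create" and key in dropped:
            hits.add("Executes dropped EXE")
        elif ev.kind == "image_load" and key in dropped:
            hits.add("Loads dropped DLL")
        elif ev.kind == "reg_write" and RUN_KEY.search(ev.target):
            hits.add("Adds Run key to start application")
        elif ev.kind == "reg_read" and UNINSTALL_KEY.search(ev.target):
            hits.add("Checks installed software on the system")
        elif ev.kind == "reg_read" and GEO_KEY.search(ev.target):
            hits.add("Checks computer location settings")
        elif ev.kind == "file_read" and WALLET_PATH.search(ev.target):
            hits.add("Accesses cryptocurrency files/wallets, possible credential harvesting")
        elif ev.kind == "net_connect" and ev.target in REDLINE_C2:
            hits.add("RedLine C2 traffic")
    return hits


# Constructed event stream mimicking what a sandbox would record for this sample.
SAMPLE_EVENTS = r"""
4120|reg_read|HKCU\Control Panel\International\Geo\Nation
4120|reg_read|HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
4120|file_write|C:\Users\Admin\AppData\Local\Temp\payload.exe
4120|proc_create|C:\Users\Admin\AppData\Local\Temp\payload.exe
5208|file_write|C:\Users\Admin\AppData\Local\Temp\helper.dll
5208|image_load|C:\Users\Admin\AppData\Local\Temp\helper.dll
5208|reg_write|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater|C:\Users\Admin\AppData\Local\Temp\payload.exe
5208|file_read|C:\Users\Admin\AppData\Roaming\Exodus\exodus.wallet\seed.seco
5208|net_connect|185.161.248.90:4125
"""

if __name__ == "__main__":
    for name in sorted(match_signatures(parse_events(SAMPLE_EVENTS))):
        print(name)
```

Running the block prints all seven signature names for the constructed stream. Two points carry over to real telemetry: a Run key read, or execution of a binary that was not written during the run, does not fire the corresponding signature, so the ordering of file writes against process creates matters; and the C2 match is on an exact host:port pair from this sample's config, so pair it with the auth_values when triaging other RedLine samples, since the same C2 was shared by two botnets here.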