General
- Target: b2ce965ef6906d9af587fa2ffcbf8571268e1a9e7a1522f7b2ef325d95ad3e70
- Size: 1.1MB
- Sample: 230414-a4cx9sfb97
- MD5: 4ecc85f56d3044a6d39914d9f19f8517
- SHA1: 81c50018507ce43f9d7a20c685b1b25096365ba1
- SHA256: b2ce965ef6906d9af587fa2ffcbf8571268e1a9e7a1522f7b2ef325d95ad3e70
- SHA512: 0d0e382ed60ab88918f07674721fb4f22fa935677ee9bad32fe4c09d3a43e0418df1334a7c47ce92349f3c150bafc5acd85aa2a3a03395f8fd293e8b5c84c133
- SSDEEP: 24576:5yzDD+gq+zFq+USwXj1lfDt1oAgfCVBVP7b24Vr6ze0ydpE:sPD+g/F9wXnfJ1ZgfAfTb2iZ
Static task: static1
Malware Config
Extracted config 1
- Family: redline
- Botnet: lada
- C2: 185.161.248.90:4125
- auth_value: 0b3678897547fedafe314eda5a2015ba
Extracted config 2
- Family: redline
- Botnet: disa
- C2: 185.161.248.90:4125
- auth_value: 93f8c4ca7000e3381dd4b6b86434de05
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.