Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
b080be2e4d21d99e0ff80ca0bdc49cad9e0a54b2faf3cf7898acc08e86765a9c
-
Size
945KB
-
Sample
230414-btn38agg9v
-
MD5
3b33b7b288f4a9d7abf329c5e57c3fb9
-
SHA1
669da1b989815b18adc7aadd0f7b58549623d160
-
SHA256
b080be2e4d21d99e0ff80ca0bdc49cad9e0a54b2faf3cf7898acc08e86765a9c
-
SHA512
8976e32fbe386b2a6bcf9611f6211fe8c7d5f053048defad0afe677c520e381bf00580599c0b987e036931d43bf762f689de03402c12996ce8ecfacab9b06963
-
SSDEEP
12288:SMrsy90bkn5xIFmjqn8Z+n+/jTFQjltD+Jv7tvf1wD/xB7xqI72hv+F8f1RTaljK:qyR5xlqQNQjfsv7tn0/xvamO1daEQm
Static task
static1
Malware Config
Extracted
redline
lada
185.161.248.90:4125
-
auth_value
0b3678897547fedafe314eda5a2015ba
Extracted
redline
disa
185.161.248.90:4125
-
auth_value
93f8c4ca7000e3381dd4b6b86434de05
Targets
-
-
Target
b080be2e4d21d99e0ff80ca0bdc49cad9e0a54b2faf3cf7898acc08e86765a9c
-
Size
945KB
-
MD5
3b33b7b288f4a9d7abf329c5e57c3fb9
-
SHA1
669da1b989815b18adc7aadd0f7b58549623d160
-
SHA256
b080be2e4d21d99e0ff80ca0bdc49cad9e0a54b2faf3cf7898acc08e86765a9c
-
SHA512
8976e32fbe386b2a6bcf9611f6211fe8c7d5f053048defad0afe677c520e381bf00580599c0b987e036931d43bf762f689de03402c12996ce8ecfacab9b06963
-
SSDEEP
12288:SMrsy90bkn5xIFmjqn8Z+n+/jTFQjltD+Jv7tvf1wD/xB7xqI72hv+F8f1RTaljK:qyR5xlqQNQjfsv7tn0/xvamO1daEQm
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-