Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
4405f9b5e9321518a0b73255af4c16cd69b376348ea5cab0b157a67c7abfd65c
-
Size
1.0MB
-
Sample
230414-ebsv8shd71
-
MD5
55a536ad2885e6176eacf48e1496c88f
-
SHA1
3227347217a682bd8791ae038b30262c1cdbd3c9
-
SHA256
4405f9b5e9321518a0b73255af4c16cd69b376348ea5cab0b157a67c7abfd65c
-
SHA512
9ae74537c0c94a857a41f61a2ecd9be14c85e3d291a543d537628a4b0695dbcd1ee21066c4302b776ef06bc29f5fce83132de1f56ddb3f9dfa05df209c3815aa
-
SSDEEP
24576:hyzOrKi8KgLXWyIjbgT2wjrOlnty++HHkeCuioR8RCv:U1iuWyeErCM+MkdboiRC
Static task
static1
Malware Config
Extracted
redline
lada
185.161.248.90:4125
-
auth_value
0b3678897547fedafe314eda5a2015ba
Extracted
redline
disa
185.161.248.90:4125
-
auth_value
93f8c4ca7000e3381dd4b6b86434de05
Targets
-
-
Target
4405f9b5e9321518a0b73255af4c16cd69b376348ea5cab0b157a67c7abfd65c
-
Size
1.0MB
-
MD5
55a536ad2885e6176eacf48e1496c88f
-
SHA1
3227347217a682bd8791ae038b30262c1cdbd3c9
-
SHA256
4405f9b5e9321518a0b73255af4c16cd69b376348ea5cab0b157a67c7abfd65c
-
SHA512
9ae74537c0c94a857a41f61a2ecd9be14c85e3d291a543d537628a4b0695dbcd1ee21066c4302b776ef06bc29f5fce83132de1f56ddb3f9dfa05df209c3815aa
-
SSDEEP
24576:hyzOrKi8KgLXWyIjbgT2wjrOlnty++HHkeCuioR8RCv:U1iuWyeErCM+MkdboiRC
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-