General
- Target: 3a00b34b038b52fbb1451356925830559766e618ffc29f3ab29d73d1db3a5612
- Size: 1.2MB
- Sample: 230414-pf8glabb81
- MD5: c8f5d8312f7706923491fcfedbc63306
- SHA1: e12deff7126d271c6022af9e02f1108736daf14b
- SHA256: 3a00b34b038b52fbb1451356925830559766e618ffc29f3ab29d73d1db3a5612
- SHA512: 15ee9f0f192c6c0d0bc88dbf5470b9b5e7c79afe817c2128671a8f06e466f42bcda0729bd538a02da17d97fa8f5d3d895360d17a396a273ae562eaf728405722
- SSDEEP: 24576:MyHPVLdf7kx5ylMP/5TRX3Y4yMqFohsvMj+dnfccc6w:7HPbwzSY/5TNDqFTvMjknEcc
Static task
static1
Malware Config
Extracted: redline
- soft
- 77.91.124.146:4121
- auth_value: e65663e455bca3c5699650b66e76ceaa
Extracted: redline
- dirx
- 77.91.124.146:4121
- auth_value: 522d988f763be056e53e089f74d464cc
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.