General
Target: 8402542d89ae9070226f3a9a86a6afa63d4f9d52fdc94bf8f785705f99bab44d
Size: 1.0MB
Sample: 230415-fms6tadb35
MD5: ff4b424f7fb776d88f6f3d83aec2a0ef
SHA1: dbb4be7f4bd80028f7b3b1c5ee36341365f9eb44
SHA256: 8402542d89ae9070226f3a9a86a6afa63d4f9d52fdc94bf8f785705f99bab44d
SHA512: 15988ba052f16779a4bab59676be23c88e10888b175302503f70ec876f5a14d06594317269af8c63e92cf69650a47350f35dac4d9836f3abf1f08b1c9c52d0bd
SSDEEP: 24576:ey3v5DLF/O6gCwUuMQJsdJ8XWKrFyqY3QJ66roQ4L4Fm9m:t3xl/OwJmJA6mzqSQ3l4N
Static task: static1
Malware Config
Extracted
Family: redline
Botnet: soft
C2: 77.91.124.146:4121
auth_value: e65663e455bca3c5699650b66e76ceaa
Extracted
Family: redline
Botnet: dirx
C2: 77.91.124.146:4121
auth_value: 522d988f763be056e53e089f74d464cc
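Both extracted configs point at the same C2 endpoint and differ only in botnet name and auth_value, so a hunter wants one deduplicated network IOC plus a record of which builds use it. The block below is an added example (not part of the tria.ge report or the RedLine extractor): it parses the two configs copied from this page, deduplicates the C2, emits a Suricata rule for it, and checks constructed flow records against it. The flow records and the SID range are assumptions for the demonstration.

```python
"""Turn the extracted RedLine configs above into a network IOC set.

Added example; not the report's own data pipeline. CONFIGS is copied from
the report, SAMPLE_FLOWS is constructed, and the SID range is assumed.
"""
from collections import defaultdict

# The two extracted configs exactly as shown in the report.
CONFIGS = [
    {"family": "redline", "botnet": "soft", "c2": "77.91.124.146:4121",
     "auth_value": "e65663e455bca3c5699650b66e76ceaa"},
    {"family": "redline", "botnet": "dirx", "c2": "77.91.124.146:4121",
     "auth_value": "522d988f763be056e53e089f74d464cc"},
]


def parse_c2(c2):
    """Split 'host:port' into (host, int port); reject malformed entries."""
    host, sep, port = c2.rpartition(":")
    if not sep or not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"malformed c2 entry {c2!r}")
    return host, int(port)


def collect_iocs(configs):
    """Deduplicate C2 endpoints; map each one to the (botnet, auth_value)
    pairs that use it, so one endpoint can be tied back to several builds."""
    endpoints = defaultdict(list)
    for cfg in configs:
        host, port = parse_c2(cfg["c2"])
        endpoints[(host, port)].append((cfg["botnet"], cfg["auth_value"]))
    return dict(endpoints)


def suricata_rule(host, port, sid):
    """Emit a Suricata rule for outbound TCP to the C2 endpoint.
    The sid is an assumed value from the local (1000000+) range."""
    return (f'alert tcp $HOME_NET any -> {host} {port} '
            f'(msg:"RedLine Stealer C2 {host}:{port}"; flow:to_server; '
            f'sid:{sid}; rev:1;)')


def match_flows(flows, iocs):
    """Return the flow records whose destination is a known C2 endpoint."""
    return [f for f in flows if (f["dst_ip"], f["dst_port"]) in iocs]


# Constructed flow records (not taken from the report's capture).
SAMPLE_FLOWS = [
    {"src_ip": "10.0.0.15", "dst_ip": "77.91.124.146", "dst_port": 4121, "proto": "tcp"},
    {"src_ip": "10.0.0.15", "dst_ip": "77.91.124.146", "dst_port": 443, "proto": "tcp"},
    {"src_ip": "10.0.0.22", "dst_ip": "8.8.8.8", "dst_port": 53, "proto": "udp"},
]

if __name__ == "__main__":
    iocs = collect_iocs(CONFIGS)
    for sid, (host, port) in enumerate(sorted(iocs), start=1000001):
        print(suricata_rule(host, port, sid), "# used by", iocs[(host, port)])
    for hit in match_flows(SAMPLE_FLOWS, iocs):
        print("C2 contact:", hit)
```

Matching on the exact port matters here: the same host on 443 in the constructed flows is not flagged, which is the behaviour you want when an IP is shared hosting, but it also means a C2 that rotates ports needs its own rule.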
Targets
Target: 8402542d89ae9070226f3a9a86a6afa63d4f9d52fdc94bf8f785705f99bab44d
Size: 1.0MB
(MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the General section above.)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
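Three of the signatures above are registry behaviours (country-code lookup, Uninstall-key enumeration, Run-key persistence). The block below is an added example, not the sandbox's signature engine: it encodes those three checks as rules over a simplified registry API trace and evaluates a constructed trace. The key paths are the documented Windows locations (GeoID under Control Panel\International\Geo, installed software under ...\CurrentVersion\Uninstall, autostart under ...\CurrentVersion\Run); the trace format, the process name and the trace contents are assumptions for the demonstration.

```python
"""Registry-behaviour rules mirroring the report's signatures.

Added example; not tria.ge's detection code. TRACE is a constructed
registry API log in a simplified (op, key, value, process) form, not the
sandbox's real output format.
"""
import re

# (signature name, API ops that count, key pattern, required value name or None)
RULES = [
    ("Checks computer location settings", {"RegQueryValue"},
     re.compile(r"\\Control Panel\\International\\Geo$", re.I), "Nation"),
    ("Checks installed software on the system", {"RegOpenKey", "RegEnumKey"},
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I), None),
    ("Adds Run key to start application", {"RegSetValue"},
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I), None),
]


def evaluate(trace):
    """Return {signature name: [matching events]} for every rule that fires."""
    hits = {}
    for ev in trace:
        for name, ops, key_re, value in RULES:
            if ev["op"] not in ops or not key_re.search(ev["key"]):
                continue
            if value is not None and ev.get("value") != value:
                continue  # right key but a different value (e.g. Geo\Name vs Geo\Nation)
            hits.setdefault(name, []).append(ev)
    return hits


def persistence_targets(trace):
    """Value names written under Run/RunOnce: the autostart entries to remove."""
    hits = evaluate(trace).get("Adds Run key to start application", [])
    return sorted({ev["value"] for ev in hits if ev.get("value")})


# Constructed trace; "dropped.exe" is an assumed process name, not from the report.
TRACE = [
    {"op": "RegOpenKey", "key": r"HKCU\Control Panel\International\Geo",
     "value": None, "process": "dropped.exe"},
    {"op": "RegQueryValue", "key": r"HKCU\Control Panel\International\Geo",
     "value": "Nation", "process": "dropped.exe"},
    {"op": "RegOpenKey", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
     "value": None, "process": "dropped.exe"},
    {"op": "RegEnumKey", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
     "value": None, "process": "dropped.exe"},
    {"op": "RegSetValue", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "Updater", "process": "dropped.exe"},
    # Benign noise: OS version lookup should not trigger any rule.
    {"op": "RegQueryValue", "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion",
     "value": "ProductName", "process": "dropped.exe"},
]

if __name__ == "__main__":
    for name, events in evaluate(TRACE).items():
        print(f"{name}: {len(events)} event(s)")
    print("Run-key values to clean up:", persistence_targets(TRACE))
```

The geofence rule deliberately requires the value name to be Nation, since reads of other values under the Geo key are routine; the Uninstall rule fires on both the open and the enumerate so the count reflects how thoroughly the software list was walked.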