Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
- Target: 265b6b6fbf0d82cc52d75bd070af669244aa2ce407e58acbfb08b855bf9ed4a9
- Size: 1.2MB
- Sample: 230415-kr2e7sfb4v
- MD5: 240e8b308b176254a0b32c320a010554
- SHA1: 0cac571b76654f7e34b07666dd5c68a515b561c4
- SHA256: 265b6b6fbf0d82cc52d75bd070af669244aa2ce407e58acbfb08b855bf9ed4a9
- SHA512: 169aa5546cd8ec1b530dd7073320f5eb8a6cb8d56d15bf7215e6c36273de2eec5d6d3ee289efa2dddea6b76647a1b80020b33590ab9fe4cd74083a66ec55f99a
- SSDEEP: 24576:vy47j+HIXJh39D5OQubjYABk0R5U+SgaFKA7Dt1okxs/r92acFsoznMau2:64kIXTKQu7F0xgOXt1oUsJc3znF
Static task
- static1

Malware Config
Extracted (family: redline)
- Botnet: losk
- C2: 185.161.248.150:4128
- auth_value: c0a6c391e53d2d9cd27bb17d1d38ada3
Extracted (family: redline)
- Botnet: diza
- C2: 185.161.248.150:4128
- auth_value: 0d09b419c8bc967f91c68be4a17e92ee
Targets
- Target: 265b6b6fbf0d82cc52d75bd070af669244aa2ce407e58acbfb08b855bf9ed4a9
- Size: 1.2MB
- MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General

Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.