General
Target: fc42d28f9eeec0dd307ebe570e96fa24ee1ce1eef9946300d6483f9f4a6979d7
Size: 1.4MB
Sample: 230503-vf5ctsfe24
MD5: 3b85760d0a63a4e188429476a74b1a35
SHA1: 8a8d4694b712bea24084629b32dbf87179e06710
SHA256: fc42d28f9eeec0dd307ebe570e96fa24ee1ce1eef9946300d6483f9f4a6979d7
SHA512: 591279ec3b679268961f4f46cd4599caf25d9136b0d5bd80f7141b5cad336490412c266eaf195a16bafddd725f4f4655624e13c5ebd44259c7c18e0e870ea911
SSDEEP: 24576:jy/Wg2DpQathExdXOG061PkLBvm9CSTIOBQM0IgMC7zJ6w1vSHS:2/Wg2DWathEx9h0GPksCSTTulz6w16H
Static task: static1
Malware Config
Extracted (1)
Family: redline
Botnet: mask
C2: 217.196.96.56:4138
auth_value: 31aef25be0febb8e491794ef7f502c50
Extracted (2)
Family: redline
Botnet: darm
C2: 217.196.96.56:4138
auth_value: d88ac8ccc04ab9979b04b46313db1648
Extracted (3)
Family: redline
Botnet: boom
C2: 217.196.96.56:4138
auth_value: 1ce6aebe15bac07a7bc88b114bc49335
Targets
Target: fc42d28f9eeec0dd307ebe570e96fa24ee1ce1eef9946300d6483f9f4a6979d7
Size: 1.4MB
MD5: 3b85760d0a63a4e188429476a74b1a35
SHA1: 8a8d4694b712bea24084629b32dbf87179e06710
SHA256: fc42d28f9eeec0dd307ebe570e96fa24ee1ce1eef9946300d6483f9f4a6979d7
SHA512: 591279ec3b679268961f4f46cd4599caf25d9136b0d5bd80f7141b5cad336490412c266eaf195a16bafddd725f4f4655624e13c5ebd44259c7c18e0e870ea911
SSDEEP: 24576:jy/Wg2DpQathExdXOG061PkLBvm9CSTIOBQM0IgMC7zJ6w1vSHS:2/Wg2DWathEx9h0GPksCSTTulz6w16H
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely used as a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.