General
- Target: eda3f3152248552015622e64cf6b86d67e3e3b758fb1e5dd58cc0b6651c5954d
- Size: 576KB
- Sample: 230616-ak4lwabg2z
- MD5: c7761893c717c21a4fe77eabe6e1c175
- SHA1: 4ba52ec0a4aa81d3634daf6c361b2a204fa6fe3c
- SHA256: eda3f3152248552015622e64cf6b86d67e3e3b758fb1e5dd58cc0b6651c5954d
- SHA512: 5658ddadee96fb85adc5d854f24af969902ddf5d87ee56c9c345362e1ca5107c429715b023cc7abfb0a98fa8c07034442a4f680db55fa1a92bac54e47e15ee7c
- SSDEEP: 12288:LMroy907OtjbVd0hxpMVcBtaiqaw0K1OVwljMI:zyrtgzmV4wa41Oy
- Static task: static1
Malware Config
- Extracted: redline
  dana
  83.97.73.130:19061
  auth_value: da2d1691db653e49676d799e1eae2673
- Extracted: amadey
  3.84
  77.91.68.63/doma/net/index.php
- Extracted: redline
  joker
  83.97.73.130:19061
  auth_value: a98d303cc28bb3b32a23c59214ae3bc0
Targets
- Target: eda3f3152248552015622e64cf6b86d67e3e3b758fb1e5dd58cc0b6651c5954d
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.