General
-
Target
41bc8e8a4013beb216c7e410f6151f929479b98f916878b59fb7ad707fb768eb
-
Size
577KB
-
Sample
230616-c6ewrace45
-
MD5
b097394fef28c1b44c1ebe9b10585f60
-
SHA1
0e9748d3dff6b97b0703d8e2bca1ebad32f6a8cc
-
SHA256
41bc8e8a4013beb216c7e410f6151f929479b98f916878b59fb7ad707fb768eb
-
SHA512
ce04d6527c5d9b7f63b685e437ce0b4d10b27a1ea69aa19a3dbf7dfd47d1c26a3d7a22e6131ed2b31893937817dfbcdc0ac2c4d613511ad2f6104c46d225faec
-
SSDEEP
12288:bMrey90NLjSDIB0sAmndK3fsjjGokae1bmBCxSc820rv9F:dywLj+IpA4d8UUaiKCxSc8vL
Static task
static1
Malware Config
Extracted
-
Family
redline
-
Botnet
dana
-
C2
83.97.73.130:19061
-
auth_value
da2d1691db653e49676d799e1eae2673
Extracted
-
Family
amadey
-
Version
3.84
-
C2
77.91.68.63/doma/net/index.php
Extracted
-
Family
redline
-
Botnet
joker
-
C2
83.97.73.130:19061
-
auth_value
a98d303cc28bb3b32a23c59214ae3bc0
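Turning the extracted configuration above into network indicators, as an added example that is not part of the tria.ge report: the script below normalises the two C2 forms the report shows (RedLine's bare host:port and Amadey's scheme-less URL, which urlsplit would otherwise treat as a path), folds the two RedLine entries that share one C2 into a single IOC, and renders Suricata rules from the result. The EXTRACTED values are copied from the report; the sid numbers and msg text are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Values copied from the Malware Config section of the report above.
EXTRACTED = [
    {"family": "redline", "botnet": "dana", "c2": "83.97.73.130:19061",
     "auth_value": "da2d1691db653e49676d799e1eae2673"},
    {"family": "redline", "botnet": "joker", "c2": "83.97.73.130:19061",
     "auth_value": "a98d303cc28bb3b32a23c59214ae3bc0"},
    {"family": "amadey", "version": "3.84",
     "c2": "77.91.68.63/doma/net/index.php"},
]


def parse_c2(raw):
    """Split a raw C2 string into (host, port, path).

    RedLine stores a bare "host:port"; Amadey stores a scheme-less URL.
    urlsplit() would put a scheme-less string entirely into .path, so a
    "//" prefix is added to force netloc parsing when a path is present.
    """
    if "/" not in raw:                       # bare host:port form
        host, _, port = raw.partition(":")
        return host, (int(port) if port else None), None
    parts = urlsplit("//" + raw)
    return parts.hostname, parts.port, parts.path


def build_iocs(extracted=EXTRACTED):
    """Collapse the extracted configs into one IOC per distinct endpoint.

    The two RedLine configs share a C2 and differ only in botnet tag and
    auth_value, so they fold into a single entry that keeps both tags.
    """
    by_endpoint = {}
    for cfg in extracted:
        host, port, path = parse_c2(cfg["c2"])
        ioc = by_endpoint.setdefault((host, port, path), {
            "host": host, "port": port, "path": path,
            "families": set(), "botnets": set(), "auth_values": set(),
        })
        ioc["families"].add(cfg["family"])
        if "botnet" in cfg:
            ioc["botnets"].add(cfg["botnet"])
        if "auth_value" in cfg:
            ioc["auth_values"].add(cfg["auth_value"])
    return list(by_endpoint.values())


def suricata_rules(iocs, base_sid=9000001):
    """Render one Suricata rule per IOC.

    sid values and msg text are illustrative assumptions; adjust them to the
    local ruleset before deployment.
    """
    rules = []
    for offset, ioc in enumerate(iocs):
        sid = base_sid + offset
        fam = "/".join(sorted(ioc["families"]))
        if ioc["path"]:
            # HTTP C2: match on the destination host and the request URI.
            rules.append(
                f'alert http $HOME_NET any -> {ioc["host"]} any '
                f'(msg:"{fam} C2 request {ioc["path"]}"; flow:established,to_server; '
                f'http.uri; content:"{ioc["path"]}"; sid:{sid}; rev:1;)'
            )
        else:
            # Raw TCP C2: match on the destination host and port only.
            rules.append(
                f'alert tcp $HOME_NET any -> {ioc["host"]} {ioc["port"]} '
                f'(msg:"{fam} C2 connection"; flow:to_server; sid:{sid}; rev:1;)'
            )
    return rules


if __name__ == "__main__":
    for rule in suricata_rules(build_iocs()):
        print(rule)
```

The auth_value is kept on the IOC rather than in the rule because it travels inside the RedLine protocol, not in a header or URI that a network rule can match; it is useful for clustering samples against the same panel.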
Targets
-
-
Target
41bc8e8a4013beb216c7e410f6151f929479b98f916878b59fb7ad707fb768eb
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up the country code configured in the registry, likely to geofence execution.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
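The behaviour signatures above are pattern matches over the sandbox's event trace. As an added example that is not tria.ge's own signature logic, the script below re-implements them over a constructed event trace: registry-path matching for the location, Uninstall and Run-key signatures (the Run-key one fires only on a write, so the sample reading its own value back does not count), and a stateful check that flags an executed EXE or loaded DLL as "dropped" only when an earlier file write in the same trace created it. The Uninstall and Run key paths are the standard Windows locations; the Geo key used for the location check is an assumption (the report does not name the key it matched), and the event trace is constructed for this example, not telemetry from this sample.

```python
import re

# Behaviour signatures from the report, as regexes over registry paths.
# The Uninstall and Run locations are the standard Windows keys; the
# location-settings key is an assumption (the report does not name it) and
# uses HKCU\Control Panel\International\Geo, where Windows keeps the
# configured country.
REGISTRY_SIGNATURES = [
    ("Checks computer location settings",
     re.compile(r"\\control panel\\international\\geo\\", re.I)),
    ("Checks installed software on the system",
     re.compile(r"\\software\\(wow6432node\\)?microsoft\\windows\\currentversion\\uninstall\\", re.I)),
    ("Adds Run key to start application",
     re.compile(r"\\software\\microsoft\\windows\\currentversion\\run\\", re.I)),
]

# Constructed event trace in the shape of a sandbox/Sysmon feed; not real
# telemetry from this sample.
SAMPLE_TRACE = [
    {"op": "RegQueryValue", "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"op": "RegEnumKey", "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++"},
    {"op": "FileCreate", "path": r"C:\Users\Admin\AppData\Local\Temp\ab12cd34.exe"},
    {"op": "FileCreate", "path": r"C:\Users\Admin\AppData\Local\Temp\helper.dll"},
    {"op": "ProcessCreate", "image": r"C:\Users\Admin\AppData\Local\Temp\ab12cd34.exe"},
    {"op": "ImageLoad", "image": r"C:\Users\Admin\AppData\Local\Temp\helper.dll"},
    {"op": "RegSetValue", "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ab12cd34",
     "data": r"C:\Users\Admin\AppData\Local\Temp\ab12cd34.exe"},
    # Reading the Run value back is not persistence; must not fire.
    {"op": "RegQueryValue", "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ab12cd34"},
    # A system binary was not dropped by the sample; must not fire.
    {"op": "ProcessCreate", "image": r"C:\Windows\System32\cmd.exe"},
]


def match_signatures(events):
    """Return {signature name: [indices of matching events]}.

    Registry signatures are path matches, with the Run-key one restricted to
    writes.  "Executes dropped EXE" and "Loads dropped DLL" are stateful: a
    file only counts as dropped if an earlier FileCreate in the same trace
    wrote it, which is what separates a dropper from a process that merely
    runs a pre-existing binary.
    """
    hits = {}
    dropped = set()
    for idx, ev in enumerate(events):
        op = ev["op"]
        if op == "FileCreate":
            dropped.add(ev["path"].lower())
        elif op.startswith("Reg"):
            for name, rx in REGISTRY_SIGNATURES:
                if not rx.search(ev["path"]):
                    continue
                if name.startswith("Adds Run key") and op != "RegSetValue":
                    continue
                hits.setdefault(name, []).append(idx)
        elif op == "ProcessCreate" and ev["image"].lower() in dropped:
            hits.setdefault("Executes dropped EXE", []).append(idx)
        elif op == "ImageLoad" and ev["image"].lower() in dropped:
            hits.setdefault("Loads dropped DLL", []).append(idx)
    return hits


def triage(events=SAMPLE_TRACE):
    """Signature names in the order they first fired, for a quick verdict."""
    hits = match_signatures(events)
    return sorted(hits, key=lambda name: hits[name][0])


if __name__ == "__main__":
    for name, idxs in match_signatures(SAMPLE_TRACE).items():
        print(f"{name}: events {idxs}")
```

The "dropped" state is the part worth copying into real detection content: a process-creation or image-load event on its own says nothing about provenance, and joining it to the file writes made earlier by the same sample is what turns a generic event into the "Executes dropped EXE" and "Loads dropped DLL" signatures the report lists.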